Compliance and 
Security Protocols

Visit Trust Center

Compliance and Security

In pursuit of ensuring the confidentiality, integrity, and availability of information, Freyr has adopted a formal risk management framework and developed an IRMS (Integrated Regulatory Management System).

This system is relevant to our cloud-native capabilities and is continuously improved. It is aligned to our business objectives and ensures that our customers' contractual, statutory, regulatory, legal, and business continuity requirements are complied with.

Freyr ensures that all our technology, product, and service workloads on cloud focus on the CSP’s (Cloud Service Provider) best practices which include but are not limited to:

The operational performance of freya fusion - Freyr's applications is enhanced with the efficient use of CSP native services. This is delivered by maintaining a cost-efficient environment, wherein Freyr's SaaS applications will auto scale-up/down to meet changes in business demand and the required technology capabilities.

Freyr has a good number of cloud certified resources. As a part of life cycle management, each individual is well versed in the cloud technologies and deliver CSP’s best practices while implementing and designing a technical solution. Freyr's CTO (Chief Technology Officer) ensures all these technology capabilities and services are compliant with the industry best practices as recommended by the CSP.

  • Continuous Improvement
  • Operations
  • Risk & Vulnerability Management
  • Access Control
  • Incident Response Procedure
  • Monitoring
  • BCP (Business Continuity Plan)
  • Automation
  • Security Awareness Training

Freyr's Cloud Infrastructure Security

Freyr leverages the secure infrastructure and hosting services of the cloud service providers, that are deemed leaders within the realm of the cloud computing services industry.

By leveraging the natively offered cloud services that are scalable, reliable, performance efficient and deliver operational excellence, Freyr delivers security by leveraging the listed below guardrails that include but are not limited to.

  • Understanding and fully leveraging the shared responsibility model as applicable within the cloud computing context, wherein the security of the cloud is the CSP’s responsibility and security within the cloud is the customer’s (Freyr's) responsibility.
  • Freyr offers technology products and services to our customers in a SaaS model, wherein the customers of Freyr are responsible for their data and the users that have access. This capability is delivered to our customers by providing SSO service across all our products. All applications offered by Freyr can be integrated with the customer’s SSO (Single Sign-On).
  • Freyr Partners with cloud service providers to ensure their architectural best practices are followed and applied within our cloud architecture, engineering, and day-to-day operations.
  • We provide identity and access management best practices that ensure all authentication and authorization events follow the guardrails that include but are not limited to:
    • Applicable Multifactor Authentication Schemes
    • Principle of Least Privileges That Are Programmatically Applied and Followed
    • Granular Access Controls Based on Pre-Defined Rules and Assigned Roles
    • SSO Capabilities Offered to Our Customers
    • Just-in-Time Access Principles
    • Real-Time Monitoring and Alerting Capabilities
  • Encryption of data at rest and in transit in the absence of any applicable end of life hardware and software.
  • Backup and a robust disaster recovery mechanism that ensures data and service availability in the event of any unforeseen catastrophic event. BCP is tested at pre-defined intervals, and a standard RTO (Recovery Point Objective) and RPO (Recovery Time Objective) are defined.
  • Well-defined procedure to identify, respond, and remediate an IT/security incident.
  • Pre-defined timelines based on the severity to manage and remediate security vulnerabilities.
  • Regular periodic cadence calls with our CSP resources (e.g. dedicated Technical Account Manager (TAM)).
  • Run time security controls – EDR (End Point Detection & Response) within our cloud workloads, that give elementary information for any anomalous behaviours.