Trust Center

Inderes, a Nordic investor media company connecting investors with listed companies, maintains comprehensive security frameworks built on core values of Independence, Passion, Quality, and Longevity. We protect sensitive financial data through enterprise-grade security measures meeting demanding regulatory requirements.

Integrity by Design

Security and data protection are woven into the fabric of everything we do at Inderes. Our commitment goes beyond compliance — we've architected our systems with privacy and security as core principles from the ground up. When you work with us, you can be confident that your sensitive financial information remains confidential, accessible only to authorized personnel, and protected by enterprise-grade security measures that meet the most demanding regulatory requirements.

Compliance

ISO 27001

Inderes has implemented an Information Security Management System (ISMS) aligned with ISO/IEC 27001 international standards. Coverage extends across all business functions, information assets, personnel, and IT systems supporting Nordic operations, including remote and cloud-based environments.

GDPR

We maintain full compliance with the General Data Protection Regulation, emphasizing lawful, transparent, and secure data processing. We implement strict data minimization practices, maintain clear consent mechanisms, and guarantee rights to access, rectify, and delete information.

Data Ownership

Users retain full control over their data. Inderes maintains clear ownership boundaries, provides visibility into data usage, storage, and sharing practices. Users can export data, modify access permissions, and request deletion according to retention policies. We prohibit using proprietary data to benefit competitors.

Controls

Infrastructure Security

  • Multi-region deployment across availability zones
  • Network segmentation with segregated VPCs and firewalls
  • Defense in depth with multiple security control layers

Data Protection

  • AES-256 encryption at rest for all cloud-stored data
  • TLS 1.2+ encryption in transit for all transmissions
  • Secure cryptographic key lifecycle management

Access Controls

  • Principle of least privilege enforced per role
  • Multi-factor authentication for critical systems
  • Single sign-on (SSO) for streamlined access

Application Security

  • Security by design integrated into all development phases
  • Mandatory peer code review before deployment
  • Automated runtime security analysis in production

Data Security & Privacy

  • Dedicated Data Protection Officer for compliance
  • Clear lawful basis for all personal data processing
  • Comprehensive data subject rights processes

Incident Response & Business Continuity

  • Designated disaster response team with clear escalation
  • Systematic impact assessment and prioritization
  • Immediate containment procedures to limit spread

Security Governance

  • Management team provides strategic oversight
  • IT coordination group for tactical decisions led by CFO
  • Technology team handles security monitoring and implementation

Audits & Reviews

  • Regular internal security audits by trained personnel
  • Continuous monitoring of control effectiveness
  • Plans for independent external assessments and certifications

Vendor & Third-Party Security

  • Formal vendor assessment and evaluation process
  • Security obligations in all vendor agreements
  • Critical vendors reviewed annually

Physical Security

  • Physical controls at Helsinki and Stockholm offices
  • Restricted access to sensitive areas and equipment
  • Secure storage for network equipment and servers

Training & Awareness

  • Regular role-specific security awareness training
  • Training on identifying and reporting security incidents
  • Comprehensive education on security policies and procedures

Need documentation?

Whether you need our security policies, compliance certificates, or a detailed data processing overview — just reach out and we'll get you what you need.

Contact Us