Operating Data Policies

The Abyrint Connect platform has a distinct and self-contained security and privacy architecture. As a consulting firm, Abyrint AS also handles operational data related to client engagements, internal projects, and administration that exists outside of the platform. This document outlines the data protection policies governing these activities.

Device Security

To protect data in the event of device loss or theft, all company-issued devices, including laptops and mobile phones, are secured with full-disk encryption. This root-level encryption is enforced at the hardware (BIOS) level and is considered a robust safeguard against unauthorized physical access.

Internal Systems & Data Storage

Abyrint is in the process of a strategic migration to consolidate all internal and operational data onto our own self-managed infrastructure.

  • Future State: Our goal is to manage all “office” data and work products from consulting assignments using the same secure, European-based infrastructure model that powers the Abyrint Connect platform. This will bring our internal data handling in line with our highest platform security standards.
  • Roadmap: This migration is a key priority, and we are on track for its completion during 2025.

Third-Party Collaboration Platforms

As a consulting firm, we must remain flexible to meet client needs and collaborate effectively. While we transition to our self-managed systems, we continue to use a limited set of third-party services for specific collaborative tasks.

  • Collaboration Suites: For some data sharing and collaborative workspaces, we may use Dropbox and Google Workspace. Our service level agreements with these providers guarantee that data is stored within the European Union.
  • Email: Our corporate email is currently provided by Microsoft.
  • Phasing Out: The use of these third-party platforms for primary data storage is being actively phased out and is part of the 2025 migration roadmap. However, their use may still be required from time to time to meet specific client collaboration requirements.

Client-Specific Data Engagements

Engagements in areas like monitoring and due diligence can involve substantial data sharing. Our approach prioritizes security while accommodating client needs.

  • Preferred Method: We are increasingly shifting these data-intensive workloads to the secure environment of the Abyrint Connect platform or, where applicable, facilitating direct API access for data exchange.
  • Client-Managed Systems: We recognize that clients may require us to work within their existing systems (e.g., their own Google or Microsoft environments). In these cases:
    • If Abyrint operates an account on behalf of a client, we will ensure it is configured for data residency within the EU.
    • If the accounts are managed directly by the client, the data handling and residency are governed by the service level agreements between the client and their provider.