Information Security Management

Principles and practice for secure handling of data and operations in GoRabbit.

1. Purpose

GoRabbit works according to established information security principles to ensure that all data is handled confidentially, available and correctly.

2. Framework and approach

GoRabbit follows recognised security principles drawn from frameworks such as ISO 27001 and CIS Controls, without claiming full certification or a complete ISMS implementation.

These principles guide how we build, operate and develop the service.

  • risk-based assessment of changes and new modules
  • access management based on least privilege
  • logging of relevant system events
  • controlled handling of errors and deviations
  • regular quality assurance of operationally critical parts of the platform

3. Access management

Access is granted only to authorised operators who need it to perform work related to operations or error handling.

  • all access is logged
  • access is reviewed as needed
  • customer data is never shared without an agreement

4. Secure operation

GoRabbit carries out ongoing technical quality assurance of the modules in the platform, including RabbitEngine, RabbitWarmUp, RabbitOutput and RabbitStudio.

  • encrypted communication between all service components
  • continuous monitoring of operational processes
  • controlled handling of deviations and errors
  • periodic security assessment at major changes

5. Incident handling

System events are logged and assessed. Critical events can trigger internal alerts and manual follow-up.

6. Sub-processors

Sub-processors are used only where necessary for the service, and all are governed by a data processing agreement (DPA) where this is required.

7. Continuous improvement

GoRabbit is developed continuously. Security improvements are implemented on an ongoing basis as part of ordinary service development.