.png?width=180&height=47&name=CL_Blue_Horizontal_Web%20(1).png "consafe logistics logo blue"){kind=small}
1. Security
Security is an integral part of how we design, deliver, and operate our solutions, supporting our customers’ business critical operations.
Information Security Governance
Consafe Logistics operates a formal Information Security Management System (ISMS) aligned with ISO/IEC 27001.
Our ISMS covers:
- Product development and delivery
- Cloud-hosted services
- Internal IT and corporate systems
- Third-party and supplier risk
The ISMS is reviewed regularly through management reviews, internal and external audits, risk assessments, and the follow-up of incidents and improvement actions.
Roles, Accountability, & Oversight
Information security at Consafe Logistics is governed through defined roles and responsibilities with executive management oversight.
Ownership is assigned for:
- Information security governance
- Risk management
- Incident handling and escalation
- Compliance and continuous improvement
Security risks and incidents are escalated through established management channels.
Secure Product Development
Security is integrated throughout our product development lifecycle.
Our secure development practices include:
- Risk-based security requirements
- Secure design and architecture principles
- Code review and testing activities
- Vulnerability management and remediation
Security considerations are applied from design through release and ongoing maintenance.
Cloud & Infrastructure Security
We deliver our cloud services using established cloud platforms and industry best practices.
Our security controls include:
- Segregation of environments
- Identity and access management
- Encryption of data in transit and at rest
- Backup and recovery capabilities
- Logging and monitoring of systems and services
Operational Security & Incident Management
Consafe Logistics maintains documented processes for operational security, including continuous security monitoring through Managed Detection and Response (MDR) capabilities.
Our operational security practices include:
- Continuous monitoring and detection of security events
- Alerting and escalation based on defined severity levels
- Incident response, containment, and recovery processes
- Root cause analysis and corrective actions
Security incidents are reviewed as part of our continuous improvement process and management oversight.
For vulnerability disclosure or security-related reporting, external parties can contact us at security@consafelogistics.com.
2. Reliability
When you use Astro WMS® as a SaaS service, your business relies on us, and we are committed to delivering consistent, reliable performance at all times. For cloud-hosted services, Consafe Logistics works to support continuity, availability, and recovery through a combination of architecture, monitoring, and operational processes.
Service Availability
Our services are built to ensure maximum reliability, with a 99.9% uptime commitment measured monthly and SLA status reporting available on demand.
Monitoring and Response
Around-the-clock monitoring ensures consistent availability, including full-stack service health checks and a dedicated support and response team. Application support is also available 24/7 through the Service Desk for both on-premises and SaaS solutions.
Backup and Recovery
Backup and recovery capabilities are part of our infrastructure and operational practices, supporting restoration and service continuity in the event of disruption.
Business Continuity and Resilience
Business continuity and resilience are addressed within our existing management systems and operational practices. Disaster recovery is continuously validated through regular testing, dry runs, and constant monitoring and validation of application backups.
Secured And Geo-Redundant Data Backups
Data backups are secured and geo-redundant, protected against deletion and corruption, and replicated between public cloud regions for added resilience.
Global Data Residency Options
Public cloud flexibility provides access to over 300 data centers worldwide, ensuring compliance with regulations that mandate specific physical locations. This also ensures application performance with low-latency communication.
3. Compliance
When choosing a technology partner, transparency and accountability matter. We adhere to the highest industry standards to ensure compliance throughout our organization, products, and services.
Certifications and Standards
Consafe Logistics aligns its security practices with recognized standards and regulatory requirements, including:
- ISO/IEC 27001 for information security management
- GDPR (EU General Data Protection Regulation) for personal data protection
- NIS2 Directive (EU Network and Information Security Directive)
- EU Cyber Resilience Act (CRA)
Our information security program is built on ISO/IEC 27001, which covers the majority of NIS2-related requirements. NIS2 requirements are incorporated into our information security governance and operational practices in accordance with applicable laws and national implementations. Our product security and secure development practices are aligned with the principles of the Cyber Resilience Act, including security-by-design and lifecycle vulnerability management.
Whistleblower Protection
Our whistleblower system is compliant with the European Whistleblowing Directive and local legislation, ensuring safe reporting for employees.
4. Privacy
The privacy of our customers, co-workers, and partners is prioritized, and we are dedicated to protecting your personal information.
Data Protection and GDPR
Consafe Logistics processes personal data in accordance with the GDPR.
We act as:
- Data processor for customer data
- Data controller for limited corporate data
- Data minimization and purpose limitation
- Access control and logging
- Supplier and sub-processor management
- Handling of data subject rights
Our GDPR practices include:
Data Processing Agreements are available as part of customer contracting processes.
Privacy In Test & Development
We use anonymization procedures for test and development environments to ensure privacy, both for Astro WMS® on-premises and SaaS solutions.