Security

Cobase operates an Information Security Management System (ISMS) aligned with ISO 27001, ensuring strong governance and continuous improvement. Policies and processes are documented, regularly audited, and updated to reflect evolving threats and requirements. Access controls are implemented via Role-Based Access Control (RBAC), ensuring that users can only access what they need.

Data is encrypted both at rest and in transit using industry-accepted protocols (AES, TLS, SSH, and RSA). Cobase ensures that customer data is processed and stored in secure Microsoft Azure data centers located in the EU (Netherlands and Ireland), providing strong data residency and compliance with GDPR requirements

Cobase manages all digital certificates required for secure bank and ERP connections, including those used in SFTP, EBICS, and API communications. Certificate lifecycles (issuance, renewal, and revocation) are managed automatically by Cobase, eliminating manual maintenance and reducing the risk of expired or misconfigured certificates.

Cobase is externally certified under ISO 27001, SOC2 Type 2, and ISAE 3402 Type 2 standards. We also undergo regular independent audits, penetration testing, and vulnerability assessments to ensure compliance and operational resilience.

Cobase employs a 24/7 Security Operations Center (SOC) to monitor the platform, detect anomalies, and respond to incidents swiftly. Logs and audit trails are immutable, ensuring full traceability and compliance with regulatory frameworks.

Cobase acts as both a data processor (Activity 1) and an independent data controller (Activity 2) depending on the processing context. We implement data protection measures, Data Processing Agreements, and Privacy Impact Assessments to support our customers’ GDPR compliance requirements. Personal data is stored within the EU, and transfers outside the EU/EEA are handled with appropriate safeguards, such as Standard Contractual Clauses.