Trust Center

Important notice

This Trust Center provides a high-level overview of Spectrum Safety Solutions’ approach to information security and data protection. It is provided for general informational purposes only and does not create any contractual obligations, warranties, or guarantees, toward customers, partners, or other stakeholders.

Binding commitments relating to security, privacy, or compliance apply only as set out in executed agreements between Spectrum Safety Solutions and its customers or partners.

Detailed policies, standards, technical configurations, and evidence are not public and are shared only under appropriate confidentiality arrangements.

Our commitment to trust

At Spectrum Safety Solutions, trust underpins how we design, deliver, and support our products and services.

We recognize that customers, partners, and regulators expect a structured, risk-based, and transparent approach to security and privacy. This Trust Center describes, at a high level, how we govern cybersecurity, protect information, and support customer compliance requirements, in collaboration with our customers and partners.

Our practices continue to evolve in response to changes in technology, business operations, regulatory requirements, and the threat landscape.

1. Information security

Governance and framework

Spectrum Safety Solutions operates a group-wide information security framework informed by recognized industry standards and regulatory expectations, including ISO/IEC 27001, the NIST Cybersecurity Framework, and applicable NIS2 requirements.

Security governance is centralized at the group level and includes executive oversight, a dedicated cybersecurity function led by a Chief Information Security Officer (CISO), defined accountability, and a risk-based approach to identifying, assessing, and managing information security risks.

Policies, standards, and risk management

Spectrum Safety Solutions maintains internal policies, procedures, and standards that define minimum security requirements across the group. These documents are internal, may vary by business unit or region, and are subject to continuous improvement based on risk assessments and lessons learned.

Identity and access management

Access to systems and data is managed using role-based and least-privilege principles, supported by joiner–mover–leaver processes, strong authentication mechanisms, and additional controls for privileged access where appropriate.

Endpoint, user, and email protection

A layered approach is applied to protect users and devices, including managed endpoints, data protection measures, email security controls, and ongoing security awareness activities.

Network, cloud, and operational technology environments

Protections are designed to support segmentation, secure remote access, cloud security controls, and proportionate safeguards for industrial and manufacturing environments where applicable.

Monitoring, incident response, and resilience

Spectrum Safety Solutions maintains monitoring, incident response, and resilience practices designed to detect, respond to, and recover from security incidents in a timely manner.

2. Privacy and data protection

Commitment to data protection

Spectrum Safety Solutions is committed to protecting personal data and complying with applicable data protection laws, including GDPR where applicable, and to applying privacy by design and by default principles where appropriate.

Roles, data types, and processing purposes

Depending on the relationship, Spectrum Safety Solutions may act as a data controller or data processor. Personal data processed may include business contact data, limited employment data, and technical identifiers.

Legal bases and data handling principles

Appropriate legal bases are used for processing personal data. Data minimization, purpose limitation, and appropriate retention practices are applied.

Data location, transfers, and service providers

Personal data may be processed in the EU/EEA and other jurisdictions. Where cross-border transfers occur, appropriate safeguards are implemented. Third-party providers are subject to contractual security and data protection requirements.

Security of personal data and breach handling

Technical and organizational measures are applied to protect personal data. Personal data breaches are handled in accordance with incident response procedures and legal or contractual requirements.

Data subject rights

Where applicable, data subject rights are supported in accordance with law and contractual obligations, typically through established privacy contact channels.

3. Security questionnaires and due diligence

Spectrum Safety Solutions supports customer and partner security and privacy due diligence. Questionnaires and supporting documentation are handled through a formal review process and may be shared under appropriate confidentiality arrangements based on the nature of the relationship and assessed risk.