Overview of cybersecurity in Easy Redmine
Easy Software, the company behind the Easy Redmine project management software, demonstrates its commitment to the security of its products, processes, and overall ISMS in various ways. Read on to find resources relevant to your concerns.

Table of contents
Risks and regulatory pressure
Easy Redmine security at every level
Certified for ISO/IEC 27001:2022 and 27017
Full GDPR compliance
NIS 2 readiness
What makes Easy Redmine a secure choice for your business
Hosting options: On-premises or cloud
On-premises
Managed server
Private Cloud
Global Cloud
Business continuity
Staying ahead of threats
24/7 monitoring
Keeping the pace with security and AI
Easy Redmine keeps your data secure at every level
Risks and regulatory pressure
Protecting sensitive data and ensuring business continuity is essential for any organisation managing complex projects or operating under strict regulations.
The challenges are compounded by growing regulatory demands such as GDPR and NIS 2. Organisations are expected to enforce secure data handling practices, implement technical and organisational safeguards, and offer clear transparency and user rights protections.
Easy Redmine security at every level
As we at Easy Redmine are highly aware of all the mentioned security threats, our software is developed with security by design—every line of code, deployment protocol, and update reflects our commitment to safeguarding your data and ensuring uninterrupted operations.
From initial architecture to deployment and maintenance, we implement industry-standard security practices, including role-based access control, data encryption, continuous vulnerability scanning, and secure coding principles.
Certified for ISO/IEC 27001:2022 and 27017
We at Easy Redmine are proud that our information security management system has been certified by DNV for compliance with the above-mentioned standards.
Easy Redmine is ISO/IEC 27001:2022 and ISO/IEC 27017 certified by DNV. These international standards validate our robust Information Security Management System, ensuring secure handling of data across our organisation and product.
Additionally, we hold the ISO 9001 certificate, which confirms our commitment to quality management principles, including strong customer focus, a process-based approach, and continuous improvement across all operations.
Full GDPR compliance
In the current climate of global digital uncertainty, we consider personal data protection to be more than an obligatory phrase. Easy Software strictly follows the General Data Protection Regulation (EU) 2016/679 (GDPR) and upholds the highest standards of data protection and user privacy. Features include:
- Privacy by design and default
- Minimal data collection
- Transparent consent
- User permissions to view, edit or delete data
- Regular audits and strict access controls
- One-click anonymization and forgetting of PII
Easy Redmine operates with privacy by design and by default, ensuring that all personal data is collected, processed, and stored lawfully, transparently, and securely. We limit data collection to what is necessary, provide clear user consent mechanisms, and support users' rights to access, correct, or delete their personal data.
Easy Redmine incorporates technical and organizational safeguards to protect personal information against unauthorized access, alteration, or loss. We conduct regular audits, apply encryption where appropriate, and enforce strict access controls.
Additionally, we require all employees, contractors, and third-party service providers to adhere to GDPR-compliant data handling practices. Through continuous monitoring and improvement, we ensure that both our internal processes and our software remain in full compliance with GDPR requirements.
NIS 2 readiness
We are actively closing the few remaining gaps to fully meet the requirements of the EU NIS 2 Directive (Directive (EU) 2022/2555).
What makes Easy Redmine a secure choice for your business
Easy Redmine incorporates extensive technical measures:
- Data encryption: Encryption of data at rest is available. Data in transit uses the industry-standard protocols TLS 1.2 and 1.3.
- Access control: Granular role-based access permissions; two-factor authentication (2FA) with password strength definition; detection and prevention of suspicious login attempts; SSO and AD authentication integrated.
- Session management security: Secure handling of user sessions with automatic timeouts and protection against session hijacking or fixation.
- Rate limiting and brute force protection: Login attempts and other critical endpoints are protected with rate limiting to prevent brute force attacks.
- Application security: Secure coding practices; code reviews with a minimum of two approvals; continuous scanning for vulnerabilities, SAST, DAST, IaC.
- Stringent OWASP Top 10 monitoring.
- Secure API access: All API endpoints require authenticated access, often using token-based systems like OAuth2 or API keys with scope restrictions.
- Logging and forensics: SIEM-friendly application logs of various types capture relevant security events (e.g., login attempts, privilege changes) for forensic and audit purposes.
- Regular security testing: Periodic penetration testing and external audits to identify and remediate vulnerabilities proactively. Consultations by our experts for your own vulnerability assessment (VA) findings.
- SBOM available on demand for verified customers.
Hosting options: On-premises or cloud
Easy Redmine offers flexible hosting options to match your security, compliance, and operational needs:
- On-premises: Full data control, ideal for regulated industries.
- Managed server: Your infrastructure with cloud convenience—fully monitored and maintained by our team.
- Private cloud: Physically isolated infrastructure in over 20 global locations, including EU jurisdictions.
- Global cloud: Isolated containers with strict data separation in certified locations worldwide.
Let's take a closer look at the hosting options mentioned above.
On-premises
The mere fact that we continue to maintain and improve an on-premises solution underlines our commitment to the highest level of cybersecurity. We offer organisations full control over their data, infrastructure and access policies.
This setup ensures that sensitive information stays within your internal network, protected by your own security protocols and compliance standards. It’s the ideal choice for companies in highly regulated industries or those with strict data governance requirements, reinforcing our dedication to providing secure, reliable tools for work-, project-, IT service- and source code management.
Now powered by Docker, our on-premises deployment goes a step further—delighting server administrators with simplified updates and lower maintenance overhead. Docker delivers all required components in a guaranteed state, eliminating 90% of legacy manual update tasks, significantly reducing human error, and enabling more frequent security updates.
Managed server
For those seeking the security of on-premises with the comfort of cloud, we have this hybrid solution—your server in your environment, fully maintained and monitored by our expert team.
We take care of updates, backups, security patches and performance optimisation, so you can focus on managing your projects without the stress of technical upkeep. It’s a reliable and secure choice for companies that want the flexibility of a private environment, combined with the convenience of professional care.
Private Cloud
Choose any of the 20+ global locations, including 10+ in the sovereign EU territory with EU-based root ownership. Your data ownership is protected by the strictest regulations and never leaves the jurisdiction of the EU. Other locations with analogous rules include Canada, Japan, Singapore, Australia and the US.
Private Cloud offers full comfort of a cloud-based Easy Redmine, but without sharing hardware and other resources with anyone else. You benefit from dedicated infrastructure, ensuring consistent performance, higher security and greater control over your environment.
It’s an ideal setup for teams that want cloud convenience but with the privacy and stability of a physically isolated system tailored to their needs.
Global Cloud
Again, you can choose any of the 20+ global locations, including 10+ in the sovereign EU territory with EU-based root ownership. In Global Cloud, your data ownership is protected by the strictest regulations and never leaves the jurisdiction of the EU. Other locations include Canada, Japan, Singapore, Australia and the US.
Each application, including its database, runs in an isolated container with no access to its neighbours. This is as safe a cloud architecture as you can get.
Business continuity
Staying ahead of threats
We take business continuity most seriously, for us and for our clients. We know that uninterrupted deliveries are essential. That’s why we offer a robust disaster recovery SLA with resolution in as little as 2 hours, so your work is never left on hold.
With 20 years of experience in the market, we’ve built reliability into everything we do. Unlike many providers, our cloud infrastructure is fully diversified, meaning you're never locked in with a single hyperscaler. And for those who prefer full control, our on-premises solution ensures perpetual use—granting you independence and long-term stability.
24/7 monitoring
Business continuity isn’t just about reacting—it’s about knowing before something happens. That’s why Easy Software has active monitoring across the full stack: Easy Cloud, hardware, critical systems, supporting services, internal processes, and even key suppliers.
We keep a constant eye on anomalies, performance shifts, and potential risks. This means we can respond early, often before our users even notice. Our approach allows you to rely on our platform, so you can focus on bringing value to your clients.
Keeping the pace with security and AI
Risks are evolving fast. With AI raising the complexity and quantum computing capabilities on the horizon, the landscape has never changed so rapidly.
Our own drive for innovation means we tackle new threats head-on, using the same advanced technologies to counter modern cyberattacks. We believe in fighting fire with fire—adapting our software, absorbing new knowledge, and anticipating the next moves. Every release of Easy Redmine contains some security enhancement.
Easy Redmine keeps your data secure at every level
Easy Redmine is fully secured at all levels, proven by ISO/IEC 27001:2022, ISO/IEC 27017, and GDPR compliance, along with advanced protection like data encryption, role-based access, and vulnerability monitoring.
From on-premises to global cloud hosting, every part of Easy Redmine is built and maintained to meet the highest standards of cybersecurity, business continuity, and regulatory readiness. The technological stack is continuously updated to address emerging threats, and we conduct regular audits and penetration tests to validate its resilience.
To learn more, scroll down to the FAQ for specific questions, or download the security whitepaper for a more comprehensive overview.