Security at DEIF
Our approach is based on three principles:
Risk-based decisions: We identify, assess, and reduce security risks as part of our governance and development practices.
Structured processes: We apply consistent methods for security work across the organisation, aiming for repeatable outcomes and continuous improvement.
Customer focus: We support secure operation by providing guidance, documentation, and a clear channel for reporting potential vulnerabilities.
Safe and reliable solutions also depend on security.
At DEIF, information security and product security are integrated into how we develop, deliver, and support our solutions. We work systematically to protect data, reduce risk, and help customers operate our solutions in demanding environments.
Security is a continuous effort - technologies change, threats change, and we adapt.
Protecting information - our own and our customers’ - is a high priority.
Our information security work covers governance, policies, training, and supplier expectations to support confidentiality, integrity, and availability.
Key elements include:
- Security roles and responsibilities defined across relevant functions
- Risk assessment as a foundation for prioritisation and improvements
- Awareness and training to support secure behaviour and compliance
- Supplier and third-party considerations as part of our broader risk management approach
DEIF products are used in critical applications where reliability and robust operation matter.
Our product and software security efforts support that reliability through structured engineering practices and lifecycle considerations.
Our product security focus includes:
- Secure development practices integrated into planning, design, implementation, and testing
- Review and testing activities to reduce the risk of vulnerabilities reaching customers
- Lifecycle support practices that consider updates, corrective actions, and secure handling of reported issues
If you have customer requirements related to product security, we can support by providing relevant statements and documentation through the appropriate channel.
We appreciate the role that customers, partners, and the security community play in improving security.
If you believe you have found a security vulnerability related to DEIF websites, services, or products, please report it to us responsibly.
How to report
Please email: security@deif.com
Include the following information:
- Product / service name and version (if applicable)
- Where the issue was found (URL, interface, environment)
- Clear description and potential impact
- Steps to reproduce (proof-of-concept details are helpful)
- Logs, screenshots, or supporting material
What to expect
- We aim to acknowledge receipt of your report within 5 business days
- We will assess and validate the report and may contact you for clarification
- If confirmed, we will work on remediation and determine appropriate communication
Guidelines
- Avoid privacy violations, data destruction, or service disruption
- Use the minimum testing necessary
- Do not publicly disclose the issue before we have had a reasonable opportunity to investigate and address it
We process personal data in accordance with applicable data protection law.
For details about how DEIF processes personal data (including when you use our websites and contact forms), please see our Privacy policy.