Anycloud Security Statement
Anycloud is committed to the security and privacy of our partners, distributors, and their customers. We strive to implement and maintain security processes, procedures, standards, and take all reasonable care to prevent unauthorized access to customer data. We apply appropriate administrative, operational, and technical security controls to help ensure that our customer data is handled and processed in a responsible and secure manner. This Security Statement is aimed at providing you with more information about our security infrastructure and practices.
Anycloud is a company established and operating in the EU. Our services are designed with regional choices for our customers in mind and are governed by applicable data protection and regulatory requirements. Anycloud maintains full operational control of its service layer, including access management, encryption, and service continuity, while leveraging IBM Cloud as the underlying infrastructure provider for certified, secure, and compliant data center services.
Information Security Policy
Anycloud maintains a written Information Security policy that defines employee responsibilities and acceptable use of information system resources. The company receives signed acknowledgement from users indicating that they have read, understand, and agree to abide by the rules of behavior before providing authorized access to Anycloud information systems. This policy is reviewed annually and updated as necessary.
Our comprehensive security policies cover a diverse range of security related subjects including but not limited to general standards with which every employee must comply, such as account, data, and physical security, as well as more specialized security standards covering internal applications, authentication mechanisms, access controls, and information systems.
Organizational Security
Information security roles and responsibilities are defined within the organization. The Anycloud security department focuses on information security, global security auditing and compliance, as well as defining the security controls for protection of Anycloud’s hardware, software, and cloud infrastructure. The team receives information system security notifications on a regular basis and distributes security alert and advisory information to the organization after assessing risk and impact as appropriate.
Anycloud adheres to the International Organization for Standardization ISO 27001 framework and employs a multi layered security control approach to identify, prevent, detect, and respond to security incidents. The security team is also responsible for incident tracking, vulnerability assessments, threat mitigation, access governance, and ongoing risk management.
Asset Management
Anycloud data and information system assets are comprised of partner, distributor, end user, and corporate assets. These asset types are managed under defined security policies and procedures. Authorized personnel are trained to understand how these assets contribute to the overall security posture and are required to comply with policies and procedures when procuring, accessing, and managing assets.
Personnel Security
Anycloud employees are required to conduct themselves in a manner consistent with company guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. All newly hired employees are required to sign confidentiality agreements and formally acknowledge Anycloud policies.
Employees are provided with security training as part of new hire orientation. In addition, each Anycloud employee is required to complete recurring security and data protection training twice per year to ensure continued awareness and compliance.
Physical and Environmental Security
Anycloud maintains policies, procedures, and controls to address physical security and environmental protection of the data center environments used for service delivery. Information systems and infrastructure are hosted in geographically dispersed data centers to provide redundancy, resilience, and high availability.
Standard physical security controls include controlled access systems, surveillance, fire detection and suppression, and on site security personnel. Access to sensitive areas is restricted and monitored continuously. Data centers have redundant power supplies and backup systems and are subject to independent audits including SOC 2 Type II and ISO 27001 certifications.
Operational Security
Change Management
Anycloud maintains a formal change management process to ensure that changes to production environments are applied in a controlled and auditable manner. Changes are reviewed, approved, tested, and monitored post implementation to ensure expected outcomes and service stability.
Access Management and Service Continuity
Access to Anycloud services and management portals is governed by defined access management procedures under Anycloud operational control. Authentication configurations, access roles, and continuity mechanisms are managed through controlled processes designed to ensure secure and continuous access for authorized users. Where required, access configurations are enabled through manual and verified procedures to ensure auditability, compliance, and alignment with customer security policies.
Supplier and Vendor Relationships
Anycloud collaborates with suppliers and vendors that operate under comparable standards of lawfulness, ethics, and integrity. Suppliers are assessed as part of a structured review process and are contractually bound to confidentiality and security obligations appropriate to the services they provide.
Auditing and Logging
System audit logs are maintained to record access to systems and critical activities. Access to logging and monitoring tools is restricted to authorized personnel. Security events are logged, monitored, prioritized, and handled by trained security staff. Retention schedules are defined and enforced according to internal security guidelines.
Antivirus and Malware Protection
Antivirus and malicious code protection are centrally managed and configured to receive automatic updates. Protection mechanisms include real time monitoring, scanning, and detection controls across relevant systems. Procedures are in place to identify and remove unauthorized or unsupported software.
System Backups
Anycloud has established backup standards and procedures to ensure timely and secure backup and restoration of data. Backup data is protected both onsite and off site and transferred securely between locations. Recovery procedures are tested periodically to verify data integrity and recoverability.
Network Security
Infrastructure systems are protected by high availability firewalls and continuously monitored for threats. Network access is restricted based on business need using defined security zones and segmentation. Development and production environments are separated to reduce risk exposure.
Data Protection
Anycloud maintains a continuous commitment to strengthening data protection by applying strong cryptographic controls for data in transit and data at rest. Encryption is handled by Anycloud as part of the service architecture to ensure customer data remains unreadable to unauthorized parties.
Customer data is stored in certified IBM Cloud data centers selected by the customer during onboarding. IBM provides the physical and infrastructure security layer, while Anycloud retains responsibility for encryption, access control, and data handling at the service level.
Vulnerability Management
Security assessments are conducted to identify vulnerabilities and assess the effectiveness of patch management. Identified vulnerabilities are evaluated, prioritized based on risk, and remediated according to defined procedures.
Patch Management
Anycloud applies security patches and updates in a timely manner across operating systems, applications, and infrastructure components. Patches are tested in controlled environments prior to deployment to minimize operational risk.
Secure Network Connections
HTTPS encryption is enforced for partner, distributor, and customer access to Anycloud web applications and management portals. Secure protocols are used to protect data in transit and ensure confidentiality and integrity.
Access Controls
Role Based Access
Access to information systems is provisioned using Role Based Access Control. Permissions are granted based on job function and least privilege principles. Requests for additional access follow a formal approval workflow with audit logging. Access is revoked promptly during employee offboarding processes.
Authentication and Authorization
Authorized users are provisioned with unique account identifiers. Password policies enforce complexity requirements and multi factor authentication. Anycloud supports multiple authentication mechanisms under controlled and documented procedures to ensure secure access and continuity. Credentials are securely stored using salted and hashed methods.
Incident Management
Anycloud maintains a formal Incident Response Plan defining roles, responsibilities, and communication procedures. The plan is tested annually.
A dedicated Incident Response Team manages preparation, detection, analysis, containment, eradication, and recovery activities related to security incidents.
Business Continuity and Disaster Recovery
Anycloud operates a disaster recovery program designed to minimize service disruption caused by hardware failure, natural disasters, or other events. Data and services are replicated across systems and, where applicable, across geographically dispersed locations to support availability and recovery.
Data Protection Principles
Anycloud applies consistent personal data management principles across all services. Personal data is processed only for authorized purposes and protected through appropriate physical, technical, and organizational controls. Sensitive personal data receives additional safeguards in accordance with applicable laws.
Anycloud data protection practices are independently audited. For further details, please refer to the ISAE 3000 assurance report available through the Anycloud Trust Center.
For more information on Anycloud compliance, please visit
https://www.anycloud.dk/trust-center/