Managed Services

Evaluate Elastisys as a Vendor

This is how we fulfill compliance requirements as your vendor of Elastisys Managed Services.

Mature company:

Founded in 2011, stable and strong growth

ISO certified

27001 since 2021,
14001 coming

Kubernetes certified

Service Provider, Training, and Platform

Privacy & security

Managed Kubernetes, without compromises

Managed Services

Evaluate Elastisys as a Vendor

This is how we fulfill compliance requirements as your vendor of Elastisys Managed Services.

About Elastisys

Elastisys is 100% Swedish owned. The largest shareholders are two co-founders, Erik Elmroth and Johan Tordsson, with all team members employed during the first decade owning shares and/or stock options. A minority ownership resides with Swedish investors as a result of a 2017 seed round and a 2023 expansion round.

At Elastisys, we take data privacy and security seriously, and we fully operate under EU jurisdiction. We do not comply with non-EU surveillance regulations and will reject any request from non-EU surveillance organizations to release customer information.

Our employees who access customer environments are all based in the EU, and we provide company-wide data privacy and GDPR training along with security knowledge sharing. Regular internal audits help us improve our security measures continuously.

Elastisys is committed to fair working conditions and values our employees. We are connected to a collective agreement (Unionen/Sveriges Ingenjörer, Tekniktjänsteavtalet). 

Elastisys AB
Org.nummer: 556873-6135
HQ: Kuratorvägen 2A, 907 36 Umeå
Offices: Umeå & Lund

40-50

employees

Turnover Growth (MSEK)

8
2019
22
2020
24
2021
33
2022
33
2023 (forecast)

Our Privacy Policies & Plans

Privacy Policy

Privacy policy for elastisys.com and elastisys.io, business contacts, authorized users, and recruitment.

Privacy Plan

Not a GDPR privacy policy per se, but our internal guidelines for how we work with data processing in a privacy-respecting way.

Information Security Management Plan

Our plan to work with information security management in a structured and risk-oriented way.​

Available Sub-processor Options

  • Cleura // Cleura AB (556630-7806)
  • Safespring // Blue Safespring AB (559075-0245)
  • Elastx // Elastx AB (556906-5617)
  • UpCloud // UPCLOUD OY (2431560-5)
  • Shibuya (556192-0025)
  • On-prem (Sub processor TBD)

Elastisys does not have other sub-processors than the infrastructure provider(s) of choice.

Implemented Security Measures

Logs, metrics, and alerts produced by platform and customer application components are immediately pushed into a tamper-proof, separated Kubernetes environment.

There is no multi-tenancy between end customers and Elastisys; each customer gets their own individual setup of the Elastisys Managed Kubernetes platform.

To ensure the security of our platform, we subscribe to relevant project updates for vulnerability and security. For instance, we utilize tools like opencve.io.

Want to learn more? Read our free guides!​

ISO-27001 Certification

We are happy to share our ISO-27001 Statement of Applicability (SoA) with you. The full version can be sent over on request to your sales representative. Some of the highlights include:

Training

Our engineers get at least 20% of dedicated knowledge-sharing time. When we say “disaster recovery training should be done regularly” we mean it.

Access Control

We each have an individual username and password. Where feasible we use 2FA. We follow on-boarding and off-boarding checklists.

Recruitment

All our engineers are screened both via a hands-on practical test and by requesting two reference people.

Redundancy

We double- or triple-replicate as much as possible. We tested everything else to ensure it self-heals. 

Technology

As much as possible, we use vendor-neural open-source projects in our supply chain. 

Suppliers

We conduct regular audit of our infrastructure providers  to ensure they meet our security needs. 

Continuous Improvements

We regularly review “near misses” and invest in preventive measures.

Cryptography

We follow ECRYPT-CSA. 

Elastisys is an ISO 27001 certified company

Contractual Details

The order form is subject to and governed by our Terms of Service. By signing, the customer agrees to and accepts the Terms of Service. Elastisys reserves the right to update and change the Terms of Service with at least an advance notice period of 30 days to the customer.

Terms of Service (ToS)

Our managed services are governed by the Terms of Service available via this link.

Data Processing Agreement (DPA)

The DPA is an appendix included in our ToS that specifies our responsibilities as a sub-processor.

Highlights From Our Terms of Service

Highlights From Our Terms of Service

Availability

99.95% Uptime SLA* (*Premium Plan with geo redundant deployment).

Ways of Contact

Support ticket, Slack messages or Elastisys support number.

 Terms of Payment

30 days from the date of invoice.

Term & Termination

99.95% Uptime SLA* (*Premium Plan with geo redundant deployment).

Subcontracting

Elastisys will not use subcontractors for processing of Customer data that are outside the jurisdiction of European law.

Governing Law & Dispute

Stockholm Chamber of Commerce.

Transfer to Third Countries

Personal Data will be handled and stored within the EU/EEA by a natural or legal person who is established in the EU/EEA.

Appendix 2 & 3

Managed Services Specification including RACI model.

Information Included in Order Form

The order form includes information about the categories of personal data and data subjects that will be processed. It also describes if the customer has any other instructions to Elastisys regarding Data Processing. Lastly, the contact person for cooperation between the parties about data protection (DPO/CISO) is specified.

The order form specifies the infrastructure provider of choice and includes them as a sub-processor to Elastisys in order for us to deliver the service.

The order form specifies when the customer gets access to the new environment.

  • The order form includes details about the environment. This includes information about the support plan, worker nodes and their sizing, and the additional managed services and their sizing.

If requested, the order form includes Elastisys’ general price list that calculates the cost of different environments and additional managed services.

We do not collect cookie data or resell customer information
because we prioritize user privacy

GDPR

Elastisys managed services are designed to assist companies in meeting GDPR requirements. For more information on GDPR compliance, we recommend visiting https://gdpr.fan/. If you want to know more about how GDPR applies to our managed Kubernetes platform you can find relevant information here. Our services are built in accordance with the recommendations of the EDPB and the Swedish DPA (IMY). For more information, please contact our Data Protection Officer (DPO) at dpo@elastisys.com.

Licensing

Elastisys is committed to using community-driven open source software in our platform, including our Compliant Kubernetes license, which is released under the Apace-2.0 License. If you would like to learn more about our approach to open source, please read more hereFull bill of material (BOM) can be sent over on request to your sales representative.

Environmental Sustainability

At Elastisys, we prioritize environmentally friendly practices in our work. To this end, we partner with ISO-14001-certified infrastructure providers who are committed to minimizing their environmental impact. Additionally, we work with infrastructure providers who are part of The Green Web Foundation, and we are proud that certain datacenter regions we utilize are powered by 100% renewable energy. In-house, we have implemented an environmental policy to ensure that Elastisys minimizes its own environmental footprint.

How Does Elastisys Help to...?

Comply with the Swedish Patient Data Law

Pass your ISO-27001 certification

Comply with MSBFS 2020:7

Certification & Compliance Roadmap​

ISO 14001 Certification

NIS-2 (October 2024)​