Luware’s Commitment to Security and Compliance

When you choose a Luware solution, you can rest assured that your data is in safe hands. Luware is committed to ensuring security and compliance at every step – from data handling to storage.

Certified Vendor

Luware is a certified SaaS vendor and undergoes regular internal and external audits to ensure robust security measures are in place.

SOC 2 Type II

SOC 2 Type II provides an independent, third-party assessment of the security controls that Luware has implemented to protect our customers’ data on our cloud solutions, Luware Recording and Luware Nimbus.

ISO 27001

Luware AG holds a valid ISO 27001 certification. All processes are rolled out across the group.

ISO 27001 is the international standard for Information Security Management Systems (ISMS) and specifies the requirements for appropriate security mechanisms.

Download certification

ISO 9001

Luware AG holds a valid ISO 9001 certification. All processes are rolled out across the group.

ISO 9001 is the international standard for a Quality Management System (QMS) and ensures that customer and regulatory requirements are met.

Download certification

Secure Your Business Communications with Luware Nimbus

To ensure optimal performance, security and compliance, Luware implements a comprehensive cloud security strategy. This strategy includes, but is not limited to:

  • Authentication and access controls protect our solutions from unauthorized access. We focus on multi-factor authentication and role-based access, ensuring need-to-know compliance and enforcing multiple levels of permissions. We monitor access using Entra ID login logs within the customer tenant and MSFT Azure Sentinel as a centralized logging solution for user access activity.
  • Operational security is provided through our security baseline, threat prevention policies, secure software development, patching, and roadmap planning. Our detailed incident and security incident response processes ensure appropriate alerting and remediation. Strict change control procedures further enhance our operational security.
  • Business continuity management is established with a defined program to ensure that risk management processes and critical resources are identified and operational.
  • Hosting instances are offered within Microsoft Azure in Switzerland, Germany, and the UK. A secondary DR backup location is in place within each region. Support is provided from locations within the EU, EEA, Switzerland, and the UK, ensuring customers can comply with the strict GDPR principles.
  • High availability and disaster recovery are provided in accordance with best industry standards through resilient system architecture, database resiliency, and backup and recovery processes

Learn more about our security measures:
Download Luware Nimbus security white paper

Our Commitment to Security and Transparency

We are committed to being transparent about our security practices. As a member of the Cloud Security Alliance and Security Trust Assurance and Risk (STAR), we provide a comprehensive self-assessment of our security control frameworks.

Download self-assessment

What Our Customers Say About Us

The advantages of [Luware Nimbus and the] cloud are obvious: easier manageability, more security, and modern working at scalable costs. Today, even small and medium-sized companies can use the same cloud technologies as large financial companies. - Ralf Luchsinger, Head of ICT at Bank Avera

Talk to an Expert

Want to learn more about Luware’s commitment to security and compliance? We’d love to talk to you.