Security & Trust

Remangu manages infrastructure inside customer environments. Here's how we handle that responsibility.

ISO/IEC 27001 Certified

Information Security Management

Remangu operates as part of the Revolgy group, which holds ISO/IEC 27001 certification for its information security management system. All Remangu infrastructure operations are conducted within these certified controls.

Revolgy's ISO 27001 certification covers the design, development, deployment, and support of cloud infrastructure services. Certification number and scope available upon request from security@remangu.com.

ISO/IEC 27001:2022

Revolgy Business Solutions a.s.

Information security management system for cloud infrastructure services.

Cert number available on request · Scope: Cloud infrastructure design, deployment, and managed operations

Privileged access

How We Access Customer Environments

Access to your AWS environment is granted by you, logged by AWS, and scoped to exactly what we need — nothing more.

lock

Least-Privilege IAM

A separate IAM role is created per engagement with the minimum permissions required for that engagement. Remangu engineers hold no standing admin access across customer accounts.

receipt_long

Audit Logging

All API activity is logged to AWS CloudTrail. Logs are owned and retained by you in your own AWS account — not Remangu. You have full visibility into every action taken on your behalf.

security_key

MFA Everywhere

All Remangu engineer access to customer environments requires hardware MFA. Shared credentials and long-lived access keys are prohibited under our internal security policy.

Legal Agreements Available

We support customers in regulated industries with the legal frameworks they need. Contact us to request either document.

GDPR

Data Processing Agreement (DPA)

Available for customers subject to GDPR. Governs Remangu's role as a data processor under Article 28 of the General Data Protection Regulation, including sub-processor obligations, data subject rights, and incident notification timelines.

Request DPA →
HIPAA

Business Associate Agreement (BAA)

Available for healthcare customers subject to HIPAA. Defines Remangu's obligations as a Business Associate when handling or accessing systems that process Protected Health Information (PHI).

Request BAA →

Vendor Security Questionnaires

Running a security review? We respond to vendor security questionnaires within 5 business days. Send your questionnaire to security@remangu.com.

We regularly complete SIG Lite, CAIQ, and custom procurement questionnaires. If your organization uses a standardized framework, let us know and we'll confirm compatibility before you send.

What to include in your request

  • Your questionnaire document (PDF, Excel, or web form link)
  • Scope of the engagement or project under review
  • Deadline for completion
  • Contact person for follow-up questions

Send to: security@remangu.com

Response time: within 5 business days

Request Security Documentation

Need our ISO 27001 certificate, DPA, BAA, or help completing a vendor security review? We'll respond within 5 business days.

Request Security Documentation