Cybersecurity

Embion Cybersecurity Manifesto

Cybersecurity is a core value at Embion. Key areas include, but are not limited to, ISO 27001 certification, technical security including end-to-end encryption for communication, and a responsible disclosure policy for reporting vulnerabilities. The company acknowledges the need for a comprehensive security approach, which includes not only technical measures but also physical security and policies and procedures. Embion views cybersecurity as a company-wide responsibility and integrates it into its management system, emphasizing the role of every employee and vendor in maintaining quality and security.

Key cybersecurity measures

  • Certifications: We have set up processes and structures according to ISO 27001 standards. Certification will be applied for in Q1 2026 to demonstrate our compliance with information security management.
  • Cloud security and encryption: All communication between the Embion Controller and cloud services is protected with end-to-end encryption using TLS to prevent eavesdropping. Data is also encrypted at rest. Embion’s cloud-EMS, including data storage, runs in a secured (ISO 27001 / SOC 2 certified) datacenter based in The Netherlands. Software updates, including critical security patches, are administered remotely. Access control is based on a strong authentication policy (MFA). Network segmentation, modern firewalling and continuous monitoring have been implemented.
  • Software security: We adhere to the Secure Software Development Lifecycle (SSDLC) with continuous code reviews, security guidelines aligned with OWASP principles, automated security testing (SAST/DAST) and a structured release process.
  • Device security: Each Embion Controller uses a unique certificate and is designed to not accept incoming connections, instead initiating contact with cloud services.
  • Responsible disclosure: Our company has a policy for handling vulnerability reports. It includes acknowledging receipt, providing updates, and publicly announcing fixes after a certain period, with credit to researchers who follow the disclosure rules. Penetration tests are performed regularly.