Security at Mavera
We handle extremely sensitive data for our clients and their customers—a responsibility and trust we take very seriously. We continuously monitor and enhance our products and operations to meet and exceed the insurance industry's high standards, ensuring trust and security at every level.

Compliance
We understand the importance of staying updated with legal requirements and developments. Our legal team continuously monitors industry updates while our external Data Protection Officer (DPO) implements an annual control plan to ensure compliance with data protection laws.
ISO 27001
We proudly hold an ISO 27001 certification, showcasing our dedication to global best practices in information security management. We invest annually in independent audits, continuous improvements, and ongoing training to maintain our compliance with this internationally recognized standard.
We are happy to provide our ISO 27001 certificate and Statement of Applicability (SoA) upon request.
GDPR - General Data Protection Regulation
Mavera fully adheres to the principles and requirements of the General Data Protection Regulation (GDPR). Our stringent safeguards include encryption, pseudonymization, and role-based access controls, ensuring personal data remains private and secure.
DORA - Digital Operational Resilience Act
We are fully committed to complying with DORA and maintaining robust ICT risk management frameworks, incident response strategies, and system resilience measures to meet EU regulatory standards.
Product security
Security is at the core of Mavera DSS. Every feature is designed with user trust and operational protection in mind.
Single sign-on (SSO) and two-factor authentication (2FA)
We offer SSO through Microsoft Entra, simplifying user management by enabling centralized control. Additionally, 2FA is mandatory for all users not using SSO, enhancing account security.
Role-based access control
Mavera DSS enforces strict role-based permissions, ensuring users only access the information they need, minimizing accidental data exposure.
Tailored security features
The system includes extra security features, such as blocking screenshots, restricting file downloads, and limiting access outside Europe, enhancing operational security.
Audit trails
Detailed logs of user and system actions are maintained to enhance traceability and accountability.
AI security
We emphasize creating robust, secure, and responsible AI structures to ensure data integrity and safeguard sensitive information.
Assistant AI
Mavera’s AI components empower claims handlers to make more efficient and accurate decisions while maintaining human decision-making.
Exclusively integrated and independent technology
Our AI modules are exclusively available within Mavera DSS and hosted securely in our data center. We do not rely on public AI services like ChatGPT, ensuring full control and data privacy.
Responsible data handling
Training data is sourced from trusted partners under strict agreements and securely separated from production environments. All training data is purged after each iteration to protect privacy.
Infrastructure & application security
Mavera DSS is built on a foundation that meets rigorous security and reliability standards, ensuring the safety of your data.
Hosting
Mavera DSS is hosted on servers in Sweden by a partner certified under ISO 9001, 14001, 27001, and 22301, ensuring secure and resilient data handling.
Encryption
Robust encryption methods protect sensitive data both at rest and in transit, using advanced cryptographic standards.
Secure coding practices
Our developers integrate security best practices throughout the development lifecycle, using regular code reviews, pair programming, and automated testing to detect vulnerabilities early.
Change management
All changes follow a formal process, including thorough testing, documented approvals, and audit trails, reducing errors and maintaining security.
Data backup
Our databases utilize live replicas with millisecond delays. Snapshots of all servers are taken three times daily and retained for 15 days. Encrypted database backups and file attachments are stored off-site and synced to a disaster recovery site every 24 hours.
Penetration testing
We conduct penetration tests annually and after significant updates. External experts simulate realistic scenarios to identify vulnerabilities and enhance our defenses.
Corporate security
We foster a culture of security across the organization, working closely with our owners at Verisk to uphold best practices at every level.
Security awareness and background checks
All employees and consultants undergo annual compliance training, including simulations, to test resilience against social engineering attacks. Background checks are mandatory before employment begins.
Incident management
Our incident response plan ensures structured detection, analysis, and containment of security events. Clients, regulators, and law enforcement (if needed) are kept informed throughout the process.
Vendor management
We conduct regular reviews of critical vendors’ security practices and monitor for external threats and vulnerabilities.
Your secure partner for the future
By choosing Mavera DSS, you invest in a secure, future-ready platform designed to streamline your workflows and empower your success today and tomorrow.
For further inquiries, please contact us.