Trust

Information Security

Last updated: 1 June 2026

Security Philosophy

Acalution recognises that information security is fundamental to the trust placed in us by clients, business partners and stakeholders.

We are committed to protecting information entrusted to us through the application of appropriate technical, organisational and operational safeguards designed to support confidentiality, integrity and availability.

Our approach to information security is risk-based and proportionate to the nature of our business, client requirements and applicable legal and contractual obligations.

Governance and Oversight

Information security is overseen by Acalution management and forms part of our broader operational risk and governance framework.

Security considerations are incorporated into:

  • Client engagements;
  • Technology operations;
  • Service delivery activities;
  • Vendor selection processes;
  • Personnel onboarding and offboarding processes; and
  • Business continuity planning.

Security responsibilities are assigned and reviewed as part of normal business operations.

Infrastructure and Hosting

Acalution utilises professionally managed infrastructure and hosting environments to support its business activities and client services.

Depending on the nature of an engagement, client solutions may be deployed within dedicated environments managed by the client, managed by Acalution on behalf of the client, or operated through selected third-party infrastructure providers.

Infrastructure design, access controls and operational processes are implemented with consideration for security, resilience and client requirements.

Identity and Access Management

Access to systems, applications and information is restricted to authorised individuals based on business need.

Security measures may include:

  • Individual user accounts;
  • Authentication controls;
  • Role-based access permissions;
  • Access reviews;
  • Joiner, mover and leaver procedures; and
  • Credential management practices.

Access rights are intended to be limited to those necessary for the performance of assigned responsibilities.

Data Protection

Acalution seeks to protect personal data and confidential business information through appropriate organisational and technical measures.

Such measures may include:

  • Access controls;
  • Encryption where appropriate;
  • Secure communication channels;
  • Confidentiality obligations;
  • Data handling procedures; and
  • Information classification practices.

Personal data is processed in accordance with applicable legal, regulatory and contractual requirements.

Further information is available in our Privacy Policy.

Third-Party Providers

Acalution may engage third-party providers to support business operations and service delivery.

Where appropriate, providers may be assessed with regard to:

  • Security capabilities;
  • Operational resilience;
  • Data protection obligations;
  • Confidentiality requirements; and
  • Contractual commitments.

Third-party relationships are managed in accordance with business requirements and risk considerations.

Monitoring and Operations

Operational activities may include monitoring and logging measures intended to support:

  • System administration;
  • Service performance;
  • Security management;
  • Incident investigation; and
  • Operational continuity.

Monitoring activities are conducted in accordance with applicable legal, contractual and privacy obligations.

Incident Management

Acalution maintains procedures for identifying, assessing, managing and responding to security incidents.

Where appropriate, incident response activities may include:

  • Investigation and containment;
  • Remediation and recovery;
  • Internal escalation;
  • Client communication; and
  • Regulatory or legal notification where required.

The objective of incident management is to minimise operational impact and support the timely restoration of services.

Business Continuity

Acalution recognises the importance of operational resilience and continuity of service.

Business continuity considerations may include:

  • Backup and recovery processes;
  • Infrastructure resilience measures;
  • Knowledge sharing and documentation;
  • Operational contingency planning; and
  • Recovery procedures appropriate to the nature of the services provided.

Responsible Disclosure

Acalution appreciates the responsible reporting of potential security vulnerabilities.

Individuals who identify a potential vulnerability affecting Acalution systems or services are encouraged to report it promptly and responsibly.

Reports should include sufficient information to allow investigation and validation.

Acalution requests that researchers:

  • Act in good faith;
  • Avoid disruption of services;
  • Avoid accessing data that does not belong to them;
  • Avoid actions that could adversely affect clients, users or systems; and
  • Provide reasonable time for investigation and remediation.

Security Contact

Security-related enquiries or responsible disclosure reports may be submitted to: security@acalution.com

Alternatively, enquiries may be directed to: contact@acalution.com

Contact Information

Acalution AG

Grafenauweg 8
6300 Zug
Switzerland

Registration No.: CHE-209.116.093
Telephone: +41 41 711 66 99

Acalution Pte. Ltd.

1090 Lower Delta Road
#05-10/11
Singapore 169201

Registration No.: 201436965M
Telephone: +65 6250 9559