Omniway
Trust Center/For procurement

For procurement and security review

This page gives a consolidated, structured picture of how Omniway works with security, data protection, operations and development.

  • Operated in Sweden via Advania (Norrmoln)
  • All primary data is stored within the EU/EEA
  • No third-country transfer in the standard configuration
  • ISO 27001, 9001 and 14001 (entire company)
  • Structured work on security, quality and risk

Infrastructure and operations

Omniway's platform runs on Advania (Norrmoln) with servers in Sweden. Omniway is responsible for application operations and maintenance.

  • Servers located in Sweden (Advania, Umeå)
  • Omniway is responsible for the application, updates and maintenance
  • High availability with continuous monitoring
  • GitHub is used only for source code management — no customer data is stored there

Information security and GDPR

Omniway works systematically on information security following ISO 27001 and complies fully with the GDPR.

  • Regular risk analyses and security assessments
  • Permission management with role-based access
  • Encrypted communication (TLS) for all data traffic
  • Logging and traceability for security events
  • Documented incident handling process
  • Personal data is processed only on the customer's instructions

Access and authentication

Access to Omniway is governed by modern authentication mechanisms and clear permission models.

  • SAML-based Single Sign-On (SSO) for integration with the customer's identity solution
  • Support for Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • The principle of least privilege is applied throughout

Logging and traceability

Omniway logs relevant events to enable follow-up and traceability.

  • Sign-ins and access attempts are logged
  • Security events are recorded and can be analysed
  • Logs are retained for at least 6 months
  • Access to logs is restricted and controlled

Backup and recovery

Omniway has robust routines for data backup and recovery.

  • Regular automated backups (every hour)
  • Backups are stored separately from the production environment
  • Documented procedures for recovery when needed

Operations and incident handling

For disruptions and security incidents, Omniway follows a structured process.

  • Immediate action for critical incidents
  • The CTO is involved directly for serious events
  • Customers are promptly informed about status and actions
  • Post-incident analysis is carried out to prevent recurrence

Support

Omniway offers support tailored to education organizations.

  • Web-based support channel with ticket handling
  • Structured ticket handling with prioritisation
  • Swedish-speaking support during office hours

Development and security

Security is integrated into Omniway's development process.

  • Secure SDLC — security is part of the whole development lifecycle
  • Code review is performed before deployment
  • Ongoing vulnerability handling and updates
  • Work follows the OWASP Top 10 to mitigate common security risks

AI

Omniway offers AI functionality as an optional add-on. Use follows clear principles for data protection.

  • OpenAI's enterprise API is used for AI features
  • Only the user's input is sent to the API
  • No identifiable personal data is shared with third parties
  • Prompts are not stored and are not used for model training

Contact for review

If you need additional information, supporting documentation or a security review — contact us at info@omniway.se.

Our principle: We work to make security, data protection and operations so transparent that they don't become an obstacle in a procurement — but a natural part of the decision basis.
Back to Trust Center

Subscribe to our newsletter

Don't worry — we'll never spam you. We only send relevant news and updates that are worth your time.