Security Overview

Updated: February 2026

 

1. Introduction

MR SURICATE is a European SaaS platform dedicated to automated testing of web, mobile, and API applications.

The platform is designed to operate in professional environments where system reliability, production control, and the mitigation of operational risks are critical priorities.

Security, data protection, and service continuity are built into the design and maintained throughout the operation of the MR SURICATE platform.

MR SURICATE has structured its security governance around an Information Security Management System (ISMS) aligned with the principles of the ISO/IEC 27001 standard.

This document is for informational purposes only and does not constitute a standalone contractual commitment. The applicable obligations are set forth in the relevant contractual documents, including:

  • Service Level Agreement (SLA)
  • Data Processing Agreement (DPA)
  • Terms of Use for the Platform



2. Cloud Infrastructure

The MR SURICATE platform is hosted on Google Cloud Platform (GCP).

Key features of the infrastructure:

  • Main region: europe-west1 (Belgium)
  • multi-zone deployment
  • infrastructure located within the European Union


The application architecture is deployed on a containerized infrastructure that enables scalability and service isolation.

The execution engines used for automated testing are isolated from the main application environment.

Outbound network traffic is monitored to ensure isolation and control of data flows.

3. Data Protection

MR SURICATE implements mechanisms that comply with industry standards to protect the data processed on the platform.

The measures include, in particular:

  • data encryption at rest (AES-256)
  • encryption of communications in transit (TLS)
  • logical separation of environments
  • secure management of credentials and access
  • periodic rotation of sensitive access points


These measures are designed to ensure the confidentiality, integrity, and availability of data.

4. Access Management

Access to production environments is strictly controlled.

The principles applied include:

  • principle of least privilege
  • centralized access management
  • multi-factor authentication (MFA) for privileged accounts
  • periodic review of sensitive access points


Administrative access is restricted to authorized personnel responsible for operating the platform.

5. Monitoring and Logging

Operational monitoring and logging mechanisms are implemented to ensure the platform's traceability and stability.

These mechanisms include, in particular:

  • logging of administrative actions
  • monitoring of technical and security incidents
  • centralization of technical logs
  • retention of logs for 12 months


This information is used, in particular, for incident analysis and security investigations.

6. Business Continuity

MR SURICATE implements measures designed to ensure service continuity.

These measures include, in particular:

  • daily backups
  • backup retention policies
  • periodic restoration tests


Indicative operational objectives:

  • RPO (Recovery Point Objective): 24 hours
  • RTO (Recovery Time Objective): 8 business hours

7. Incident Management

MR SURICATE has a formalized incident management procedure that includes the following steps:

  • detection
  • qualification
  • lockdown
  • remediation
  • customer notification when necessary
  • post-incident analysis


Security incidents are documented and incorporated into the continuous improvement process.

8. Third-party providers and services

MR SURICATE relies on technical service providers for certain services necessary for the platform’s operation.

These service providers may include:

  • cloud infrastructure providers
  • mobile testing platforms
  • communications services
  • DNS and network services


Service providers are selected based on security criteria and are subject to appropriate contractual oversight.

The list of service providers eligible to provide the service is available on this page

9. Data Protection and GDPR

MR SURICATE processes personal data in accordance with the General Data Protection Regulation (GDPR).

Depending on the situation, MR SURICATE acts as:

  • Data Controller for certain internal activities
  • Data Processor as part of the provision of the SaaS platform


Data processing carried out on behalf of clients is governed by a Data Processing Agreement (DPA).

10. Governance of Artificial Intelligence

Some features of the platform may incorporate AI-powered assistance mechanisms.

These mechanisms:

  • remain under human supervision
  • do not produce automated legal decisions
  • are included in the risk analysis of the ISMS


The applicable governance principles are described in a separate document:
AI Governance Statement

11. Continuous improvement

MR SURICATE maintains a process of continuous improvement in the area of security.

Security practices are regularly reviewed to take into account:

  • technological advancements
  • regulatory changes
  • operational feedback
  • the results of the risk assessments

12. Security Contact

For any questions regarding security or data protection:

Email:  suricate