Join RELEX at NRF 2025 – Retail’s BIG SHOW! January 12-14, 2025 | Request a meeting

Request a demo

Information Security – Frequently Asked Questions

December 19, 2024

What has RELEX done in the last year to boost security measures?


Last year RELEX started the 24/7 Security Operations Center together with a company specializing in cyber security. The objective of the center is to monitor RELEX for any suspicious activity and to take corrective actions immediately. Most security incidents don’t occur suddenly but are a result of many consecutive activities and detecting them as early as possible is critical in the prevention of any damage.

Can you share some statistics on the recorded security incidents?

During August – October 2024 the SOC recorded automatically 3300 cases. Out of these, the majority was analyzed and resolved automatically and 362 were handled by security experts. Out of the 362 cases, 173 needed attention and no cases with medium or high impact. This demonstrates that by responding early (within 20 minutes on average) we are able to prevent damage. Some cases may have escalated to a wider impact, but because of the early intervention they resulted in having no impact on our services.

How quickly can you detect and respond to a cyberattack?

Our Security Operations Center works around the clock to respond to the first signs of suspicious activity. Most cases are resolved automatically, and for those requiring further attention the average response time is 20 minutes.

We have efficient processes in place to handle security incidents effectively so if an issue does arise, we act fast with clearly defined roles and responsibilities. Our goal is to contain the problem, reduce its effects, start recovery, and keep everyone informed.

How will we know if there is an issue affecting our data?

We are GDPR-compliant, which means in the event of a serious data breach we have set up the required processes to notify customers as soon as we become aware of it.

Who is responsible for infosec at RELEX?

The parties responsible for information security at RELEX are our Chief Information Security Officer (CISO), Information Security team, and Information Security steering group.

Have you ever had any serious security breaches?

No, but every connected IT system is exposed to external security threats, and no system can be completely secure. Therefore, the goal of protection mechanisms is to make successful attacks as difficult as possible, detect potential threats quickly, and mitigate their business impact.

Where is my data stored and how is access controlled?

Data is stored on the Snowflake data lake and the Microsoft Azure cloud computing platform. We use strong controls to make sure only the right people can access our systems.

How do you keep up with the latest security threats and what steps do you take to respond to vulnerabilities?

We regularly update our software to fix any new weaknesses and make it even harder for attackers to succeed.

How do you mitigate risks to your system and data?

We design and develop our software to avoid introducing security issues from the start. Every new software version is automatically and thoroughly tested for potential problems. Our network is designed so that each part is separated.

This way, even if an attacker gets into one area, they can’t easily reach the rest. When data is sent between systems, we encrypt it and verify its source.

What security training do your employees undergo?

All of our employees take regular mandatory security training so they can avoid mistakes that could cause security issues.

What happens in the event of an attack?

Do you have plans in place so that the software service doesn’t go down? We’ve set up multiple recovery systems to minimize any disruption to our customers’ businesses. For example, our systems are designed to keep running even if some resources are compromised and we take regular snapshots of the data and store them securely in Microsoft Azure for as long as necessary. We also conduct frequent disaster recovery tests to ensure backups can be restored smoothly when needed.

How do you secure AI and machine learning systems, in particular GenAI?

Our customer-specific AI/ML models are trained using a customer’s data for the purpose of providing the service to that customer only. Microsoft’s Azure OpenAI Service is used to power our GenAI assistant Rebot. This provides an enterprise-grade security barrier between Rebot and OpenAI, which means OpenAI does not process or have access to any customer data.