#WeSeeMore
Management Statement
At RIFFSEC, we understand that business responsibility goes far beyond simply delivering high-quality services. Even though we are a young startup, we recognize the growing importance of ESG, especially when working with large enterprises and corporations. That’s why we take actions that support ESG goals both within our organization and for RIFFSEC’s clients.
Our top priority is data protection and privacy. We handle all information—whether it’s stored by RIFFSEC clients or analyzed in threat detection processes—with the highest level of care and in compliance with industry best practices. As a company, we contribute significantly to building a safer digital ecosystem, guided by transparency, ethics, and accountability in everything we deliver.
Environmental
RIFFSEC’s CO₂ emissions are minimal, generated mainly by electricity consumption in our data centers and transportation.
 
RIFFSEC has no direct CO₂ emission sources tied to its operations, such as fuel combustion for office facilities or servers.
 
All RIFFSEC data is hosted on our own server, colocated in a major city in Poland. This means the data center itself is responsible for providing reliable power and cooling.
While we store very large volumes of data, we only process them periodically during the day—most often overnight in local time.
 
RIFFSEC operates in a hybrid work model. Most of the team works remotely, coming to the office up to two days per week. The office primarily serves as a space for education and collaboration, which reduces the need for daily commuting and helps lower CO₂ emissions. Even on in-office days, the RIFFSEC team primarily relies on public transportation, further reducing our carbon footprint.
When it comes to business travel, our priority is always rail over air whenever possible.
We also keep the use of cloud services to an absolute minimum, limited to essential operational tools (Google Workspace, ClickUp) and shared MLL resources—separately for developers and business teams.
We also follow a conscious IT asset management policy:
- End-user and office equipment: Computers, monitors, and servers are mostly sourced from post-lease resale markets, reducing the carbon footprint of new hardware production.
- New components: Purchases are limited to essential items such as drives, memory, or keyboards.
- Disposal: Fully depleted hardware is handed over to specialized e-waste processing firms.
- Minimal accessories: We maintain a standardized equipment policy and avoid unnecessary gadgets.
Social
Data Security and Privacy
Policies implemented to protect RIFFSEC and client data—as well as compliance with relevant standards and guidelines (including UKNF, NIS2, and DORA)—are described in a separate information security document.
Education and Community Awareness
Our educational initiatives are designed to reach a broad audience, regardless of location.
        
- A key element of our outreach is the concept of learning through humor. Complex, often challenging topics such as data security, password hygiene, and online safety are presented in a simple, light-hearted way. We believe this approach helps audiences retain key information more effectively. Instead of fearmongering, we highlight risks in an engaging, humorous manner.
- On a more formal level, we aim to share knowledge with future cybersecurity professionals by co-developing a postgraduate study program at a university in Warsaw. The program, set to launch in fall 2025, is based on input from practitioners across the country who contributed their insights and suggestions for a two-semester curriculum.
Industry Community Support
RIFFSEC’s founders actively participate in both the startup and cybersecurity ecosystems, sharing knowledge and expertise through initiatives such as:
- Secureway Meetup, Warsaw – A recurring event, with the first edition scheduled for March 2025. This meetup is designed by IT and cybersecurity professionals, for professionals. It’s free, open, and focused on high-quality, expert-driven sessions.
- International CTI Community Platform – By the end of 2025, we will launch a knowledge-sharing hub for Cyber Threat Intelligence professionals across Europe and beyond. Our goal is to create an accessible alternative to costly, consultancy-driven clubs, enabling broader collaboration and exchange of data, knowledge, and expertise.
Team
At RIFFSEC, hiring decisions are based solely on knowledge, experience, role fit, and willingness to grow. Gender, skin color, religion, or nationality are not factors. Beyond professional qualifications, effective collaboration relies on mutual respect and adherence to commonly accepted legal and social norms.
Governance
RIFFSEC operates in full compliance with Polish law and regularly reports required information to the National Court Register (KRS), which provides public access to the company’s financial standing and connections with other entities or individuals.
The company has also defined clear rules of conduct for employees and management in their interactions with clients, partners, and colleagues.
Core Principles of Business Ethics
- We take full responsibility for our actions, products, and services.
- Protection of client, partner, and company information is always a top priority.
- No hidden costs or dysfunctional features/services in our offerings.
- We speak respectfully about competitors or not at all, and never manipulate information about other companies.
- We do not provide financial support to political parties or politicians.
- Offering or accepting bribes, kickbacks, or personal favors is strictly prohibited.
- Employees and management must disclose potential conflicts of interest (e.g., previous employment or personal ties with client organizations).
- Management leads by example in respecting colleagues and does not tolerate harassment or discrimination.
Future Goals
We plan to further develop our ESG initiatives, adapting to evolving regulations and industry best practices. As a startup, we “measure strength against ambition” but also remain highly agile in responding to partner expectations.
In the coming months and years, we plan to:
- Make conscious choices of cloud providers aligned with ESG policies.
- Develop and begin publishing anonymized breach statistics to support academic research, master’s theses, and engineering projects.
- Launch the SOC 2 compliance certification process.
