ISO 27001 is an international standard for information security. To meet the stringent requirements of this standard, we have established an information security management system. Through this system, everyone in our organization consistently works towards improving security. You can request details about all the measures we have implemented. The key measures are listed below:
From the first day, our employees undergo training in the secure handling of information and personal data. Topics covered include legislation (including GDPR), password policies, data breach reporting, and file encryption. Within two weeks of joining, our employees are required to successfully complete a test on information security.
Secure transmission and deletion of information
Information, especially personal data, is securely transmitted. We utilize the capabilities provided by our clients, such as SFTP or AES-256 encryption. In cases where clients do not have such capabilities, we deploy our own resources to ensure secure transmission. This ensures that information is always sent securely. When information is no longer needed, it is securely deleted. We conduct periodic reviews to identify files that are no longer necessary and can be safely removed.
The least-privilege principle
We operate according to the least-privilege principle. This means that as few individuals as possible have access to specific data. We will never create an additional account without permission. Additionally, we delete accounts when they are no longer necessary.
Backups are created to ensure continuity of operations in the event of a disaster. We perform backups of our documents six times a day, and they are securely stored with 256-bit encryption. Quarterly, we verify the accuracy of these backups by placing and removing test files.
Periodic checks are conducted on equipment, software, and security to minimize the risk of interruptions and ensure the continuity of our services.
Incidents are always analyzed
Incidents are thoroughly documented and analyzed to prevent recurrence in the future. If there are incidents that impact our customers, we will always report them.
Awareness of current legislation
We are fully aware of the current laws and regulations and monitor any changes, including the recent topic of the e-Privacy Regulation. The key pieces of legislation for our customers are the General Data Protection Regulation (AVG/GDPR) and the Telecommunications Act. We can also provide advice to our customers on these matters.
Want to know more about information security?
Do you have questions about our information security or would you like to have a non-committal discussion on this topic?
Feel free to reach out and contact us.