Here is a 5-minute read, to give you a first impression of our information security arrangements. If you need more information, please get in touch with your (sales) consultant, who is able to provide you detailed documents with more specifics. Alternatively, call us, or drop us a line at our contact page.
Effectory uses data centers in Ireland, The Netherlands, Germany, France and Belgium. We need these data centers to host our applications, handle emails, and online support. And we need multiple locations for redundancy, load balancing, business continuity, and backups. All within the European Economic Area, that is, a little bit of data is also stored in our office location in Amsterdam.
Effectory has achieved ISO 27001 certification, the leading international standard for an Information Security Management System. BSI, one of the most professional, accredited auditing organizations in the world, independently inspects and certifies Effectory on the ISO 27001 standard. All of the 114 controls are audited for the scope of: conducting employee surveys, including the collecting, processing, reporting and consulting on personally identifiable data and survey results. This shows that we protect data according to the highest industry standards.
Of course, during software development lots of security testing is being done, automatic and recurring. On top of that, we also use automated vulnerability scanning, done monthly or even more than this, by a 3rd party. And manual penetration testing at least annually by another 3rd party, but typically more often at big releases. These pen tests are white box based, this means we give insights to the hired ethical hacking company, so that they can more efficiently search for vulnerabilities. And then, there is also the Responsible Disclosure Policy.
Each new employee gets the same basic instruction, and also a meeting in person with the chief information security officer, held every month. All employees must pass a mandatory annual assessment on information security and privacy awareness. We help colleagues get up to speed again on the topics that are lagging. Specific roles, e.g. software developers and project managers, get special instructions to do their job properly. Additionally, all employees are required to handover a Dutch VOG (code of conduct), to check for criminal records. These are just some of measures we took for people’s awareness of their role in keeping your data secure.
Using a multi-disciplinary approach, the ISMS core team members are: cloud engineer, cyber security specialist, system administrator, network administrator, legal counsel, privacy officer, and to top it off, a chief information security officer. As you can see, together, we take serious care of your data and information.
Click on the links to find out more about the information security and privacy of these sub processors. Rest assured though, we’ve already done it for you, each year as part of our ISMS recurring tasks.
P.S. Effectory uses other 3rd party tools as well, but not to process personal data, and therefore these do not qualify as sub processors.
Well, we are especially proud on this compliment from one of the external auditors recently: “The ISMS is not only effective, but also very mature”. How awesome to hear after all our hard work keeping your data and information secure 🙂