An ISO 27001 certification proves that an organization has established, manages and continuously improves a complete Information Security Management System (ISMS). So it is about a process (assessing risks, choosing control measures, running the PDCA cycle), not just technology.
Hosting | Microsoft Azure West-Europe; geo-replica in North-Europe |
Data traffic | Always TLS ≥ 1.2; passwords hashed (bcrypt) |
Backups & uptime | 99.8% platform SLA, point-in-time backups up to 7 days back, weekly backups up to 5 weeks back. |
Access management | "Need-to-know" access, logging of all actions |
Business continuity | BC plan tested annually according to ISO 27001 & NIS2 |
Our ISMS is reviewed internally and externally every year (internal audit, management review, certification audit) and constantly updated according to the PDCA cycle.
Our scope explicitly includes ISO inspections expanded to include NIS2 requirements, so inspection companies will soon be demonstrably compliant in their chain.
clear processes & logging
minimal data, masking where necessary
99.8% uptime & geo-replica
PDCA and external audits
Yes, reaffirmed based on the 2022 standard. Certificate copy upon request.
At least annually and during major changes in business or technical architecture.
Limited; proprietary devices for email/Teams, company laptops with MDM required.