Our approach to compliance

Our approach is built around ISO 27005 and its risk assessment process, where our people, processes and technology are continuously prioritized and hardened based on the risk they pose.


Penetration tests. External cyber professionals regularly conduct penetration tests on Scalepoint’s networks and solutions. They analyse vulnerabilities related to the most critical attacks that occur at a specific time. Test results can be shared if requested.


ISAE 3402 and 3000. We prepare ISAE 3402 and ISAE 3000 audit reports through an independent audit firm. The reports provide assurance regarding the design, implementation, and administration of our internal controls for data security and privacy.


Incident response 24/7. Our Incident Response Team monitors potential cyber security breaches 24/7. The team handles technical incidents as well as incidents where privacy legislation dictates that specific steps must be taken.


Employee training. All Scalepoint employees are continuously trained in data security and GDPR. Relevant functional areas also receive training in performing their controls correctly and designing solutions in a safe and GDPR-compliant manner.

ISO 27001 and 2

To ensure that appropriate controls are in place to manage current and future risks, we have implemented an Information Security Management System in accordance with ISO / IEC 27001. The controls are continuously audited by our internal second line of defence functions as well as external auditors.

Dedicated Risk & Compliance team

We have established clear lines of defence that meet industry requirements. We continuously train and certify our employees in all areas of defence. Our certifications include:

  • ISO 27001 Lead Implementer (Data Security Monitoring)

  • CIPP/E (Certified Information Protection Officer)

  • Security+ (Including firewall configuration, cloud computing and encryption)

Our compliance partnerships


We are a member of the International Association of Privacy Professionals.


We have partnered with OneTrust, a leading provider of privacy management solutions.


We use the world’s largest and most trusted provider of CSR ratings for our annual survey.


We use GotEthics, part of the EQS Integrity Line Group, one of the most popular whistleblower suppliers in Europe.
