Our approach to compliance
Our approach is built around ISO 27005 and its risk assessment process, where our people, processes and technology are continuously prioritized and hardened based on the risk they pose.
Penetration tests. External cyber professionals regularly conduct penetration tests on Scalepoint’s networks and solutions. They analyse vulnerabilities related to the most critical attacks that occur at a specific time. Test results can be shared if requested.
ISAE 3402 and 3000. We prepare ISAE 3402 and ISAE 3000 audit reports through an independent audit firm. The reports provide assurance regarding the design, implementation, and administration of our internal controls for data security and privacy.
Incident response 24/7. Our Incident Response Team monitors potential cyber security breaches 24/7. The team handles technical incidents as well as incidents where privacy legislation dictates that specific steps must be taken.
Employee training. All Scalepoint employees are continuously trained in data security and GDPR. Relevant functional areas also receive training in performing their controls correctly and designing solutions in a safe and GDPR-compliant manner.
To ensure that appropriate controls are in place to manage current and future risks, we have implemented an Information Security Management System in accordance with ISO/IEC 27001. The controls are continuously audited by our internal second line of defence functions as well as external auditors.
We have established clear lines of defence that meet industry requirements. We continuously train and certify our employees in all areas of defence. Our certifications include:
IAPP
We are a member of the International Association of Privacy Professionals.
OneTrust
We have partnered with OneTrust, a leading provider of privacy management solutions.
EcoVadis
We use the world’s largest and most trusted provider of CSR ratings for our annual survey.
GotEthics
We use GotEthics, part of the EQS Integrity Line Group, one of the most popular whistleblower suppliers in Europe.