Information Security & Data Protection
Information Security Governance
We take a strategic approach to information security. Risk management and comprehensive audits is a natural part of our operations.
Security policies and procedures are documented, communicated and published for all employees. All Benify employees annually take part of an extensive awareness program to ensure compliance and to create a good security culture.
The privacy of our client’s personal data is important to us. Privacy and Data Protection are highly integrated parts of our core business and we are working hard to ensure compliance to privacy legislations such as the EU General Data Protection Regulation.
We take comprehensive measures to ensure the security in our application and to protect our client’s data.
Frequent vulnerability scans are performed and third-party security experts perform detailed penetration tests on our application.
In order to achieve a structured and strategic approach to information security, we have a fully implemented information security management system according to ISO 27001 which caters to both administrative and technical security controls.
We are proud to be one of few organizations to be certified according to ISO/IEC 27001:2013 regarding information security management systems and ISO/IEC 27018 regarding protection of personal data in clouds.
Data Center & Physical Security
Our servers are located in EU and are hosted at data centers with high physical security with ISO27001 compliance and/or ISAE assurance reports.
Data centers are separated across various physical locations in order to achieve geo-redundancy and disaster recovery possibilities.
Operations & Network Security
We make great efforts to ensure our application is supported by a secure and robust IT infrastructure.
We use industry standard security techniques and best practices to control access and information flows to and from our networks.
We monitor our networks and applications to ensure performance, uptime and resource usage and to detect and prevent intrusions.