The ISO 27001 certificate was within reach with our ‘privacy by design’
Bringme obtained the ISO 27001 information security certificate after the DQS audit in January 2020. Our products are used by customers to protect their ideas, expertise, and data. That starts at the front door of the company with the Bringme Bell, continues with welcoming visitors with our Desk, and extends to internal logistics with track & trace via the Bringme Box Exchange. With the ISO 27001 certificate and the 27701 privacy compliance, we confirm to our customers that we invest heavily in IT security and the secure management of personal data.
We’ll explain below why the step to ISO certification wasn’t such a big one for our company.
1. No passwords
Amazingly, most software applications still work with a traditional password. However, it is known that the most secure way to protect applications is through authentication based on a multi-factor token. Users provide their mobile number or email address and are given a temporary code that lets them log on to the Bringme App. With this method, there's no more need to worry about the security risks involved in passwords.
2. Reliable data encryption and penetration tests
In any case, our developers are trained with regard to the OWASP-identified security risks and, naturally, backups are stored in a manner that is compliant with the GDPR in Europe. We regularly have comprehensive penetration tests carried out by external experts.
3. Physical and digital security layers
Of course, we use our own Bringme Bell to secure access to the building in combination with internal smart cameras that work with facial recognition and voice assistance. Each visitor logs on to the Bringme Desk in the enclosed reception area and is personally welcomed and accompanied by his or her host. Employees at Bringme are given limited access rights to the information necessary to perform their job.
4. Certified DPO and ISO 27701 privacy extension
Our Data Protection Officer (DPO) is not only there to answer privacy-related questions from customers, but also to translate the implementation of the GDPR legislation into practice within the company, such as the clean desk policy, contracts and devices that transfer business-sensitive information via our internal Bringme Box, etc.