aanmelder.nl

ISO 27001 Zertifizierung

Die Sicherheit Ihrer Daten und die Ihrer Teilnehmer hat für eventilo.com die höchste Priorität. In den vergangenen Jahren hat eventilo.com die Sicherheit hervorragend organisiert, die Schutz auf 5 Ebenen bietet.

eventilo.com ist ISO27001:2013 zertifiziert durch DNV.GL. Hier können Sie das Zertifikat und die Anwendungserklärung herunterladen

.

ISO 27001 Zertifizierung

Best Practices

Security culture

Secure systems

Secure storage

Secure connection and data centres

GDPR and Privacy

best practicesbest practices

Best Practices

ISO27001 ist der am häufigsten verwendete Standard für Informationssicherheit bei Behörden und großen Unternehmen. Um diesen Standard einzuhalten, muss eine Organisation über ein gut funktionierendes Managementsystem verfügen, in dem die Sicherheit der Daten kontinuierlich verbessert wird. Eine Organisation muss außerdem über hundert Kontrollmaßnahmen ergreifen, um die Informationssicherheit zu gewährleisten. Beide Anforderungen werden jährlich von einem Unternehmen für Risikomanagement und Qualitätssicherung (DNV.GL) überprüft.

ISO27001 ist ein umfangreiches und kostenintensives System. eventilo.com setzt sich hiermit zu 100% für einen guten Verlauf Ihre Veranstaltung und die Pflege Ihre Daten ein.

best practices

Security culture

The employees of eventilo.com are structurally educated in the field of information security. A confidentiality statement and a screening are also part of the conclusion of the employment contract. Within the screening, a Dutch "Certificate of Good Conduct" (VOG) is also requested that relates to the activities of the employee. In order to guarantee the continuous development of the employees and the competences of the employees in the field of information security, a competency scan takes place every quarter. The team includes an Information Security Officer and an Incident Response Team.

safe culture
safe culturesafe culture
safe systemssafe systems

Secure systems

eventilo.com processes your data in systems that are separated from the internet via firewalls and load balancers. This ensures that malicious parties can not connect directly to the machines where your data is processed. All systems are included in a configuration management system and are automatically updated with the latest updates every day. Every month, these systems are subjected to an external security inspection based on information about the latest threats and recommendations.

safe systems

Secure storage

Eine einzigartige Innovation von eventilo.com ist unser Konzept der Datensafes in der Datenbank für Teilnehmerdaten. Sie werden nichts an den Daten bemerken, aber es bietet zusätzlichen Schutz für Ihre Teilnehmerdaten.

Ihr Konto ist mit einem Safe für Teilnehmerdaten ausgestattet. Genau wie bei einem Briefkasten können Registrierungen jederzeit hinzugefügt werden, nur Sie können Daten mit dem Schlüssel "Ihrem Passwort" abrufen. Dies stellt sicher, dass niemals ungesicherte Teilnehmerdaten im System vorhanden sind. Die Daten werden immer in einem sicheren Zustand gespeichert und können nicht ohne Passwort abgerufen werden. Die Sicherheit der Daten basiert auf der Verschlüsselung mit AES 128 und RSA 2048; zwei führende Methoden auf dem Gebiet der Verschlüsselung sensibler Daten.

safe storage
safe storagesafe storage
safe connectionsafe connection

Secure connection and data centres

The internet connection with the eventilo.com systems always uses HTTPS when entering data. This is the same kind of secure connection that protects online banking.

Of course, these systems are set up in extensively certified data centers.

safe connection

GDPR and Privacy

For 10 years, eventilo.com has had a privacy policy that does not contain any surprises: we do not do anything with your data, or that of your participants, that you would not do yourself. In fact, we do not do anything with your data unless you ask us to. You can read more about this in our privacy statement. eventilo.com has been working for 10 years in accordance with the European Privacy Act and now this transition to the GDPR is of course included.

eventilo.com meets all obligations arising from the GDPR. In addition to the regulations on data handling, the GDPR also sets a number of specific operational requirements:

  • eventilo.com has carried out a Privacy Impact Assessment.
  • A Data Protection Officer has been appointed.
  • All processes are audited on 'privacy by design.'
  • Procedures have been set up to comply with the obligation to help individuals to view, modify and delete their personal data.
  • eventilo.com does not carry out profiling or decision structures on the basis of personal data.
  • The data storage takes place in Europe.

The GDPR is a law that applies to the entire European Union. Because of this law, the protection of privacy is now well regulated throughout Europe. In addition, the European Union has drawn up so-called 'Model Clauses' for companies with data centers that process and store data from Europeans. These 'Model Clauses' provide the framework within which data can be processed safely and lawfully. The datacenters that eventilo.com uses are in the European Union and comply with these Model Clauses. With eventilo.com you meet the obligation to process data within the privacy regulations of the EU.

Data Processing Agreement

The GDPR stipulates that a Data Processing Agreement is required between eventilo.com and you. This agreement states the role we play in the processing of personal data and codifies mutual expectations. eventilo.com offers every customer the possibility to sign a processing agreement. For this we have set up a very easy do-it-yourself process in your account page.

What is required of you?

The GDPR states that you are obliged to provide a secure registration system. The law does not prescribe how you take care of this, but the intention and intent of the law does have similarities with the principles of ISO27001. This is no coincidence: ISO27001 is the best-known standard in the area of information security and the ISO27001 certificate provides proof that the registration system and the supplier are subject to extensive security checks. Without a certificate, you should carefully examine the safety of the system and the business operations of the supplier in order to comply with the obligations within the GDPR.

What can you pay attention to?

Some registration systems include in their security statement that HTTPS connections and ISO27001 data centers are used. These security measures are most easily implemented and eventilo.com has classified these as the lowest level of security.

Please note that an ISO27001 data center does not say anything about the security of the systems that have been set up there. It also says nothing about the security of the software or about the security in the operations of the suppliers. HTTPS also gives no guarantees about the protection of the supplier's networks or the security of the data storage. For data security, HTTPS and a secure data center are not sufficient.

At eventilo.com, security is a system that works through all layers of service and is an integral part of the product. eventilo.com distinguishes itself in the field of data security.

avg
avgavg

Produkt

Information

Hilfe

Newsletter

© Copyright 2020 Zirolab B.V. alle Rechte vorbehalten