Information security refers to the measures and strategies used to protect information from unauthorized access, disclosure, modification, destruction and disruption. The concept rests on three key properties:
- Confidentiality: information is accessible only to authorized persons or organizations.
- Integrity: information is accurate and reliable because unauthorized changes are prevented or detected.
- Availability: information is accessible when needed and systems are available to authorized users.
To protect the confidentiality, integrity and availability of information, security controls such as access controls, encryption, firewalls, intrusion detection systems and security policies are introduced in the company. The aim is to establish a comprehensive information security management system that combines technical, procedural and organizational measures to mitigate risk and protect sensitive information from a range of threats. Regular risk assessments, internal security awareness training and continuous improvement are key to keeping information security effective.
A company's information security can be independently verified against standards and frameworks such as ISO/IEC 27001:2022 (certification) or SOC 2 (an attestation report).
Bilendo is ISO/IEC 27001:2022 certified. As a cloud provider, Bilendo additionally demonstrates cloud-specific information security controls through ISO/IEC 27017:2015. In addition, Bilendo provides proof via a SOC 2 report (System and Organization Controls 2 of the American Institute of Certified Public Accountants, AICPA) that it complies with the Trust Services Criteria for security, availability, confidentiality and privacy.
Data protection
Data protection focuses on the legally compliant and responsible handling of personal data in order to ensure the privacy of individuals and compliance with the relevant laws and regulations.
In a nutshell, data protection ensures that there is a valid legal basis for data processing, that the data is bound to a specified purpose (purpose limitation), that only the minimum amount of data required for that purpose is collected (data minimization) and that the data is kept accurate. The General Data Protection Regulation (GDPR) grants data subjects specific rights that companies must guarantee when they store and process personal data. Bilendo complies with the obligation to ensure that all data subjects can exercise their rights to information, access, rectification, erasure (right to be forgotten), data portability and objection to processing.
When transferring personal data to countries outside the European Economic Area (EEA), organizations must ensure that appropriate safeguards are in place (for example an adequacy decision or standard contractual clauses) so that an essentially equivalent level of data protection is guaranteed. In addition, organizations are required to keep records of their processing activities, detailing the purposes, categories of data and other relevant information.
A company's general level of data protection can be verified by providing evidence of standards and frameworks such as ISO/IEC 27701:2019 or ISO/IEC 27018:2019. Bilendo is ISO/IEC 27018:2019 certified.
Information security and data protection at Bilendo
Information security protects Bilendo's valuable business assets as well as customer data from external threats, ensures the continued availability and integrity of systems and data and overall resilience to potential disruptions. Similarly, ensuring data privacy is of critical importance to Bilendo, as it protects the privacy rights of individuals and strengthens customer confidence in Bilendo's security. Together, information security and data privacy form the foundation for secure data practices that promote system security, mitigate legal risks and protect information and data in an increasingly digital and connected business environment.
In summary, data privacy and information security contribute to a company's competitive advantage by promoting customer trust, ensuring regulatory compliance, mitigating risk, differentiating the company in the marketplace, opening up global opportunities and supporting innovation. Companies that proactively address these aspects not only fulfill legal obligations, but also position themselves as leaders in the ethical and secure handling of data.
Information security management system (ISMS)
Bilendo has established a comprehensive management system for information security, which consists of a mandatory framework and guidelines for business processes on the one hand and is supplemented by standardized and automated monitoring of the system and IT infrastructure on the other. The ISMS is complemented by continuous employee training.
Vulnerability scan and penetration test
The IT infrastructure is checked for vulnerabilities daily using several vulnerability scanners. Findings are remediated (closed or patched) within the time frames defined in the internal service level agreements. In addition, Bilendo commissions an external service provider at least once a year to carry out a comprehensive penetration test of the systems.
IT infrastructure
As a processor of personal data, Bilendo is aware of its responsibility and of the special need to protect the data of its customers and their customers. All data managed and processed as part of the provision of services is stored exclusively in European data centers, and its further collection, storage and processing is subject to the provisions of the GDPR. Customer data and the data of their customers are stored in Frankfurt am Main in a state-of-the-art Amazon Web Services (AWS) data center. This data center is certified or attested according to:
- ISO/IEC 27001:2022
- ISO/IEC 27017:2015
- ISO/IEC 27018:2019
- ISO/IEC 27701:2019
- ISO 22301:2019
- ISO/IEC 20000-1:2018
- ISO 9001:2015
- CSA STAR CCM v4.0
- PCI DSS Level 1
- SOC 1, SOC 2 and SOC 3
- TISAX
In addition, any connection to or from Bilendo is only possible in encrypted form. TLS encryption secures access to the website, the application itself and the transport paths of the data. The same protection applies to the transmission of data between Bilendo and any service providers the customer integrates.
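The statement above describes a policy ("connections only in encrypted form"), not how it is enforced. The following is an added example, written for this page and not Bilendo's own code, of the two controls that typically implement such a TLS-only rule at the edge of a web application: a server-side TLS context that refuses anything below TLS 1.2, and a small WSGI middleware that redirects plaintext HTTP to HTTPS and adds an HSTS header. The host names, proxy address and sample requests are constructed assumptions for the example.

```python
"""Added example (not Bilendo's code): enforcing a 'TLS-only' policy.

1. build_server_context(): an ssl.SSLContext that refuses TLS < 1.2,
   TLS compression and non-AEAD cipher suites.
2. enforce_tls(): WSGI middleware that 301-redirects plaintext requests to
   HTTPS and adds an HSTS header on every HTTPS response. X-Forwarded-Proto
   is honoured only when the peer is a known TLS-terminating proxy.

Host names, addresses and requests below are constructed for the example.
"""
import ssl
from typing import Callable, Dict, Optional, Tuple

CANONICAL_HOST = "app.example.test"             # constructed
ALLOWED_HOSTS = {CANONICAL_HOST}
TRUSTED_PROXIES = {"10.0.0.5"}                  # constructed: the load balancer
HSTS_VALUE = "max-age=63072000; includeSubDomains; preload"  # two years


def build_server_context(certfile: Optional[str] = None,
                         keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Server context that speaks only TLS 1.2/1.3 with forward-secret AEAD suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION        # TLS-level compression (CRIME)
    ctx.options |= ssl.OP_NO_RENEGOTIATION      # no client-initiated renegotiation
    # TLS 1.2 suite list; TLS 1.3 suites are handled separately by OpenSSL.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5")
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def tls_policy_ok(ctx: ssl.SSLContext) -> bool:
    """Check a context against the policy above (usable as a CI assertion)."""
    return (ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
            and bool(ctx.options & ssl.OP_NO_COMPRESSION))


def request_is_https(environ: Dict[str, str]) -> bool:
    """True if the request arrived over TLS, directly or via the trusted proxy."""
    if environ.get("wsgi.url_scheme") == "https":
        return True
    # Behind a TLS-terminating proxy the app sees plain HTTP. Believe the
    # forwarded scheme only from that proxy; otherwise any client could set
    # X-Forwarded-Proto: https and bypass the redirect.
    if environ.get("REMOTE_ADDR") in TRUSTED_PROXIES:
        return environ.get("HTTP_X_FORWARDED_PROTO", "").lower() == "https"
    return False


def enforce_tls(app: Callable) -> Callable:
    """WSGI middleware: plaintext -> 301 to HTTPS; HTTPS -> add HSTS header."""
    def wrapper(environ, start_response):
        if not request_is_https(environ):
            host = environ.get("HTTP_HOST", "")
            if host not in ALLOWED_HOSTS:       # never reflect an attacker-chosen Host
                host = CANONICAL_HOST
            location = f"https://{host}{environ.get('PATH_INFO', '/')}"
            if environ.get("QUERY_STRING"):
                location += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", location), ("Content-Length", "0")])
            return [b""]

        def hsts_start_response(status, headers, exc_info=None):
            headers = [(k, v) for k, v in headers
                       if k.lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, headers, exc_info)

        return app(environ, hsts_start_response)
    return wrapper


def demo_app(environ, start_response):
    """Stand-in application behind the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"invoice list"]


def make_environ(scheme: str, path: str, query: str = "",
                 remote: str = "198.51.100.7",
                 forwarded_proto: Optional[str] = None) -> Dict[str, str]:
    """Constructed WSGI environ for a GET to CANONICAL_HOST."""
    env = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": "GET",
           "HTTP_HOST": CANONICAL_HOST, "PATH_INFO": path,
           "QUERY_STRING": query, "REMOTE_ADDR": remote}
    if forwarded_proto is not None:
        env["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    return env


def call(app: Callable, environ: Dict[str, str]) -> Tuple[str, Dict[str, str], bytes]:
    """Run one request through a WSGI app; return (status, headers, body)."""
    captured: Dict[str, object] = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return str(captured["status"]), dict(captured["headers"]), body  # type: ignore[arg-type]


if __name__ == "__main__":
    secured = enforce_tls(demo_app)
    print(call(secured, make_environ("http", "/invoices", "page=2")))
    print(call(secured, make_environ("https", "/invoices")))
    print(call(secured, make_environ("http", "/invoices", forwarded_proto="https")))
    print(call(secured, make_environ("http", "/invoices", remote="10.0.0.5",
                                     forwarded_proto="https")))
```

The redirect is the only response ever sent over plaintext; no application content is served on port 80. Two details matter in practice: the `Host` header is only echoed back if it is on an allow-list (otherwise the redirect becomes an open redirect), and `X-Forwarded-Proto` is trusted only from the proxy that actually terminates TLS, since a direct client can send any header it likes.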
Appointed data protection officer
Wolfgang Steger (External Data Protection Officer)
Am Neuen Weg 21
D-82041 Oberhaching
Phone: +49 89 71909120
Email: steger@ra-info.de
Technical and organizational measures
Technical and organizational measures are crucial to effectively ensuring data protection and information security. Technical measures cover the implementation of security technologies, while organizational measures cover internal processes, employee training and compliance structures that ensure the security objectives are met. Bilendo has implemented extensive technical measures such as access controls, encryption, backup and recovery, network security, privacy by design and identity and access management. These are supplemented by a range of organizational measures: employees are continuously trained and sensitized in information security and data protection, and emergency management and business continuity plans as well as compliance and data protection policies are in place. Bilendo also operates a comprehensive risk management system to assess and mitigate internal and external changes as well as emerging risks. All measures are regularly reviewed for their effectiveness through external and internal audits.
Legal notice
Our website is not intended as a reference work on the European General Data Protection Regulation or as legal advice for other companies. Nor is it intended as a guide to legally compliant implementation of the GDPR or of information security. Rather, it is intended to provide and summarize all relevant information on how Bilendo handles the legal and normative requirements relating to data protection and information security.
This legal information is in no way to be confused with legal advice from a lawyer! We therefore expressly point out that you must consult a lawyer if you require advice on the information provided here and on its accuracy and completeness.
Accordingly, you may not rely on this document as legal advice or as a recommendation for a particular interpretation of applicable law.