Review & Send Response

Provide your current ISO 27001:2022 certificate including the Statement of Applicability (SoA).

Certificate attached. Valid until December 2026. Certification body: TÜV SÜD.

What is the scope of your Information Security Management System (ISMS) as defined in your certification?

Our ISMS covers all cloud services, development operations, and customer data processing activities across our EU data centers in Frankfurt and Dublin.

Do you have documented information security policies and are they communicated to all employees? (ISO 27001 A.5)

Yes, our security policy framework includes 12 domain-specific policies. All policies are accessible via our intranet and covered in mandatory annual training.

How do you manage access control and privileged access management? (ISO 27001 A.9)

We implement role-based access control (RBAC), enforce MFA for all users, and use a PAM solution for privileged accounts with session recording.