
Security and Compliance Reports

At Software Improvement Group (SIG), we are committed to protecting the confidentiality, integrity, and availability of our information systems and our customers’ data. SIG is continuously broadening its range of security and compliance reports in response to customer demands. Below is the present inventory of reports accessible to all customers and prospective clients under a Non-Disclosure Agreement (NDA).

To obtain copies of reports tailored to your organization’s needs or to inquire about upcoming certifications, please contact our team. 

SOC 2 | ISAE 3000 

SOC 2 | ISAE 3000 is developed by the AICPA (American Institute of CPAs) and defines criteria for the management of user organizations’ data based on the Trust Service Criteria. The Trust Service Criteria relate to security, availability, processing integrity, confidentiality, and privacy-related controls. The SOC 2 Type II designation signifies an examination of operational effectiveness, offering our clients assurance regarding the security, integrity, and confidentiality of the organization’s systems and data handling processes. SIG has obtained both SOC 2 Type I and Type II attestation reports issued by Conclude Accountants B.V.

ISO/IEC 27001  

This globally acknowledged standard for information security management systems (ISMS) outlines a framework for organizations to establish, implement, maintain, and improve their information security practices. SIG has been awarded the ISO/IEC 27001 certificate by TÜV Nord.  

Regular Penetration Testing 

SIG takes a proactive approach to security: a trusted third party conducts regular penetration tests to uncover vulnerabilities in computer systems, networks, and applications. These tests simulate real-world attacks to assess existing security measures. Following a structured approach, pen tests identify weaknesses, aiding SIG in fortifying our defences against potential cyber threats.

GDPR (General Data Protection Regulation) 

SIG adheres to the General Data Protection Regulation (GDPR), a robust data privacy law enacted by the European Union (EU) in 2018. We comply with stringent standards for handling the personal data of EU citizens, irrespective of location. Key provisions include transparent data processing, consent requirements, and measures for data breach prevention. We support GDPR, which aims to bolster individuals’ data privacy rights and enhance accountability for organizations processing personal data.

Data Storage 

SIG will ensure that Company Data is stored, processed, and resides in the European Union or, where requested, that Company Data may be accessed by SIG at a location indicated by the Company, as agreed upon in writing on a case-by-case basis. SIG will not disclose Company Data to third parties without the Company’s written permission. All data stored in these data centres is encrypted with industry-accepted encryption.

Information Security Policy 

This SIG Information Security Policy aims to give transparent and accurate information about how and to what extent SIG protects the confidential information of its customers or other stakeholders.