Why organizations choose Corporater SaaS

Convenient

Access your solution from anywhere, anytime, on any device. All you need is Internet access.

Cost-effective

Eliminate upfront cost for hardware and ongoing cost for maintenance, updates, and IT staff.

Rapidly Available

Corporater works out of the box and can be deployed quickly across your entire organization.

Always up-to-date

Let us keep you up to date with latest security and functionality features with minimal user disruption.

AWS Infrastructure

Corporater SaaS solutions are delivered and deployed on Amazon Web Services (AWS) secure, scalable cloud infrastructure.

AWS GDPR Compliance

All AWS services are GDPR compliant.

Learn more >

Compliant DPA

AWS offers a GDPR-compliant Data Processing Addendum (DPA), enabling us to comply with GDPR contractual obligations.

Security of Personal Data

AWS’s has a long list of internationally-recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5).

Additional Resources

AWS has teams of compliance, data protection, and security experts, as well as the APN, helping customers across Europe prepare for running regulated workloads in the cloud as the GDPR becomes enforceable.

Compliance-enabling Services and GDPR

Many requirements under the GDPR focus on ensuring effective control and protection of personal data. AWS services have the capability to implement our own security measures in order to enable our compliance with the GDPR, including specific measures such as:

  • Encryption of personal data
  • Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing

This is an advanced set of security and compliance services that are designed specifically to handle the requirements of the GDPR.

Additionally, AWS published a whitepaper, “Navigating GDPR Compliance on AWS,” dedicated to this topic. This paper details how to tie GDPR concepts to specific AWS services, including those relating to monitoring, data access, and key management. Furthermore, AWS GDPR Center gives access to the up-to-date resources we need to tackle requirements that directly support our GDPR efforts.

ISO CERTIFICATION

Corporater SaaS is ISO Certified

Corporater SaaS is ISO 27001 certified, and as such has a rigorous information security management system (ISMS) in place, which serves as a framework of policies and procedures that includes all legal, physical and technical controls involved in our information risk management processes.

ISO 27001 verifies that Corporater SaaS meets high standards of risk management and security controls to keep its customers’ information assets secure.

Corporater_ISO27001_Certified

Corporater Privacy Standards

Corporater takes privacy seriously and has all the relevant policies and procedures to make sure that it complies with the obligations found in GDPR and DPA.

Our Global Data Protection Policy and Global Operational Procedures address among other GDPR requirements, the matter of data security in accordance with Article 32. These documents are also supplied by our more general Information Security Policies and procedures.

This ensures that Corporater has the technical and organisational security measures in place to protect all personal data within the processing systems. These security measures are appropriate to the risks of varying likelihood and severity for the rights and freedoms of individuals associated with the processing of personal data within the processing systems and, in particular, with the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to those personal data.

In assessing what security measures are appropriate, we take into the account security best practices, and the nature, scope, context and purposes of the processing to be carried out by the processing system.

Where appropriate, they will include pseudonymisation and encryption of personal data, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing system, the ability to restore the availability of, and access to, personal data in a timely manner in the event of a physical or technical incident and a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing system.

GDPR Compliance

Corporater follows data security measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the Corporater SaaS system.

corporater saas software

Software Development

Safeguards

Corporater has policies and instructions with technical and organisational safeguards for the proper development of software or systems, including middleware, databases, operating systems and network components and all other parts.

The policies and instructions describe as a minimum, following aspects:

Security in software development methods in compliance with security standards established in the industry (e. g. OWASP for web applications and OWASP Secure Coding Practices Checklist). At least following aspects must be addressed: secure (encrypted) device communication, secure end-user communication and user management, secure Web-Browser

Security of the development environment (e. g. separate development/test/production environments)

Security in version control

corporater saas software
Application 3rd party Security Auditing

Corporater uses Veracode as designated 3rd party for security audits. This includes:

Continuous automated static scans of source code as regular part of the Software Development Life Cycle

Manual penetration tests scheduled and conducted by Veracode

Security and vulnerability mitigation consulting

corporater saas software
Contact us to schedule your free demo.
Request Demo