All AWS services are GDPR compliant.
Access your solution from anywhere, anytime, on any device. All you need in Internet access.
Corporater SaaS solutions are delivered and deployed on Amazon Web Services (AWS) secure, scalable cloud infrastructure.
AWS GDPR Compliance
All AWS services are GDPR compliant.
AWS offers a GDPR-compliant Data Processing Addendum (DPA), enabling us to comply with GDPR contractual obligations.
Security of Personal Data
AWS’s has a long list of internationally-recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5).
AWS has teams of compliance, data protection, and security experts, as well as the APN, helping customers across Europe prepare for running regulated workloads in the cloud as the GDPR becomes enforceable.
Compliance-enabling Services and GDPR
Many requirements under the GDPR focus on ensuring effective control and protection of personal data. AWS services have the capability to implement our own security measures in order to enable our compliance with the GDPR, including specific measures such as:
This is an advanced set of security and compliance services that are designed specifically to handle the requirements of the GDPR.
Additionally, AWS published a whitepaper, “Navigating GDPR Compliance on AWS,” dedicated to this topic. This paper details how to tie GDPR concepts to specific AWS services, including those relating to monitoring, data access, and key management. Furthermore, AWS GDPR Center gives access to the up-to-date resources we need to tackle requirements that directly support our GDPR efforts.
Corporater SaaS is ISO 27001 certified, and as such has a rigorous information security management system (ISMS) in place, which serves as a framework of policies and procedures that includes all legal, physical and technical controls involved in our information risk management processes.
ISO 27001 verifies that Corporater SaaS meets high standards of risk management and security controls to keep its customers’ information assets secure.
Corporater Privacy Standards
Corporater takes privacy seriously and has all the relevant policies and procedures to make sure that it complies with the obligations found in GDPR and DPA.
Our Global Data Protection Policy and Global Operational Procedures address among other GDPR requirements, the matter of data security in accordance with Article 32. These documents are also supplied by our more general Information Security Policies and procedures.
This ensures that Corporater has the technical and organisational security measures in place to protect all personal data within the processing systems. These security measures are appropriate to the risks of varying likelihood and severity for the rights and freedoms of individuals associated with the processing of personal data within the processing systems and, in particular, with the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to those personal data.
In assessing what security measures are appropriate, we take into the account security best practices, and the nature, scope, context and purposes of the processing to be carried out by the processing system.
Where appropriate, they will include pseudonymisation and encryption of personal data, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing system, the ability to restore the availability of, and access to, personal data in a timely manner in the event of a physical or technical incident and a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing system.
Corporater follows data security measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the Corporater SaaS system.
Corporater has policies and instructions with technical and organisational safeguards for the proper development of software or systems, including middleware, databases, operating systems and network components and all other parts.
The policies and instructions describe as a minimum, following aspects:
Security in software development methods in compliance with security standards established in the industry (e. g. OWASP for web applications and OWASP Secure Coding Practices Checklist). At least following aspects must be addressed: secure (encrypted) device communication, secure end-user communication and user management, secure Web-Browser
Security of the development environment (e. g. separate development/test/production environments) Security in version control
Security in version control
Corporater uses Veracode as designated 3rd party for security audits. This includes:
Continuous automated static scans of source code as regular part of the Software Development Life Cycle
Manual penetration tests scheduled and conducted by Veracode
Security and vulnerability mitigation consulting