Compliance Statement

Last updated: 19 September 2024.

1. Security First 

We believe that every Tech-Driven SME should start their compliance journey by implementing a rigorous Information Security Management System (ISMS).

At Compleye, we advise our clients to integrate the ISO27001 standard into the core of their compliance processes. An external auditor once referred to ISO27001 as ‘Your licence to operate’.

We stand by that statement, and we believe that the ISO27001 certification enables immediate trust between you and your customers.

Once your ISMS is in place, you can build other frameworks on top of it, making use of a solid compliance foundation.

Compleye has been ISO27001 certified since October 2022.


2. Privacy next 

Without an adequate security system, you can’t protect the privacy of data; that is why privacy follows.

In 2022 we implemented the ISO27001 (Privacy Information Management System) for one of our SuperCoolCustomers. Every nitty-gritty detail of the GDPR needed to be documented and verified, ensuring every ‘i’ was dotted and every ‘t’ crossed.

However, we also learned that becoming ISO27701 certified is a huge documentation burden. For companies processing a lot of PII data, certification can be recommended or even requested by customers or other stakeholders.

Compleye decided to implement the best practices of ISO27701 but to refrain from the certification process.


3. Quality last but not least 

Once your organisation is ready to scale, you can start streamlining your ‘way of working’ and think about implementing a quality framework (e.g. ISO9001).

Implementing a quality system will, in general, also increase the amount of documentation and will not support an agile way of working.

Quality can also be gained by focussing on maturing your privacy and security system. This is perhaps a better focus, as most tech-driven companies already have close customer-feedback loops in place, ensuring the best value for money for customers. Otherwise they would already be out of business.

Compleye decided to focus on maturing the security and privacy system, while keeping focus on a good customer-feedback loop, ensuring the best quality for customers.


4. Innovation in laws, regulations and industry standards

Compliance is our business, and we closely follow developments in new regulations and industry standards, if not by request of our customers. It is our business to translate the complex requirements of those laws, regulations and industry standards into practical approaches and measures that are fit-for-purpose and aligned with the stage and phase of your organisation. We have developed the ‘Audit View’ feature on our platform, where customers can adopt a framework and align it with evidence of activities and documentation. Audit Views can be shared with external stakeholders to prove compliance without expensive certification or audit reports.

Compleye has adopted the following frameworks in Audit View: ISO9001, NIS-2 and ISO27701.

Share information

It is important to share compliance information about your implemented frameworks with stakeholders. Please find below security and privacy information and links to shared documents.

List of sub-processors:


AWS, location EU
– for processing of compliance data on our platform. 

Google Analytics 
–  Analytical tool 

Mixed Panel 
– Analytical tool  

Sendgrid 
– Email notification from platform to individual users.

Documentation:


Cookie-Notice 

Privacy Policy 

Data Processing Agreement

Terms of Use

Terms & Conditions

Available upon request (for customers only):

Security Policy

ISO 27001 – Statement of Applicability