At jacando we firmly believe that security isn't just a feature; it's our foundation. Our commitment to robust security measures isn't just about protecting data; it's about safeguarding trust.
Compliance @jacando via Vanta
Ensuring the protection of our customer-related data is of utmost importance for our company. It is crucial that we ensure all information collected about our customers is used only for the necessary purposes.
Google Cloud Security
The security of Google Cloud is an integral part of the services that Google offers to its customers.
Insight into jacando’s security policies – Information handling
All information assets must be classified according to their sensitivity level. Employees are responsible for handling and protecting information according to its classification. It is important to ensure that appropriate measures are taken to maintain confidentiality, integrity and availability.
Customer-related data may only be used for the defined and necessary business purposes. Any usage not directly related to operational requirements is strictly prohibited.
Local storage and usage of customer data on personal devices or local servers are generally prohibited. All data must be stored and processed on the designated and secure company systems.
The dissemination or sharing of customer data with external parties is strictly prohibited unless explicit approval is granted by the customer.
In specific situations, local storage of customer data may be required, but prior approval from Timo Zimmermann or Alexander Pelka is essential. Unauthorized actions will be deemed policy violations.
Each employee is obligated to take security measures to protect customer-related data from unauthorized access or loss. It is each employee's responsibility to ensure compliance and protection.
Failure to adhere to these guidelines may result in disciplinary measures and legal repercussions. We urge every individual to responsibly manage customer data and promptly report any uncertainties or concerns to management.
Our path to ISO 27001 certification
The implementation of an information security management system (ISMS) in accordance with the ISO 27001 standard comprises several steps, which are roughly outlined below:
Last updated on 07.05.2024
Defining preparation and responsibilities
Development of measures to deal with the identified risks. This can include the implementation of security controls, processes and guidelines.
Carry out initial analysis
Assessment of the current status of information security in the company. This includes the identification of assets, threats, vulnerabilities and risks.
Definition of the scope of application
Definition of the scope of application of the ISMS, i.e. which parts of the company and which information is to be covered.
Carry out risk assessment
Identification and assessment of risks in connection with the company's information and information systems. This includes the definition of risk assessment criteria and the prioritization of risks.
Definition of risk assessment criteria
Prioritization of risks
Plan risk treatment
Development of measures to deal with the identified risks. This can include the implementation of security controls, processes and guidelines.
Documentation and implementation of controls
Creation of documents such as guidelines, procedural instructions and controls that fulfill the security requirements of ISO 27001. These controls should aim to mitigate the identified risks.
Carry out internal audits
Conduct internal audits to ensure that the ISMS meets the requirements of the ISO 27001 standard and functions effectively.
Conduct management review
Regular assessment of the ISMS by management to ensure that it is appropriately implemented and effective. This includes reviewing key performance indicators and identifying opportunities for improvement.
Review of KPIs
Identification of opportunities for improvement
Certification preparation
Preparation for certification by an accredited certification body. This can include a comprehensive review of the ISMS and documentation of conformity with the ISO 27001 standard.
Obtaining and maintaining certification
Carrying out the certification audits by an external certification body and obtaining ISO 27001 certification. The ISMS must be continuously monitored and improved in order to maintain certification.
Safety @jacando
"Security by Design" is an approach that aims to integrate security aspects into the development process of products and systems, rather than treating them as an afterthought. This approach aims to ensure that security considerations are taken into account from the outset in all phases of product development.
Security architecture
Safety requirements
Security checks
Training and awareness
FAQ on the topic of security & compliance
If you have any questions about the security of jacando, you can contact us or your administrators at any time for further information and to ensure that your data is adequately protected.