The road to ISO 27001

Security and
Compliance at jacando

Security is at the heart of what we do - we help our customers improve their security and compliance, starting with ourselves.

Alexander Pelka

Co - Chief Executive Officer

At jacando we firmly believe that security isn't just a feature; it's our foundation. Our commitment to robust security measures isn't just about protecting data; it's about safeguarding trust.

Compliance @jacando via Vanta

Ensuring the protection of our customer-related data is of utmost importance for our company. It is crucial that we ensure all information collected about our customers is used only for the necessary purposes.

Infrastructure security

Organizational security

Internal security procedures

Product security

Google Cloud Security

The security of Google Cloud is an integral part of the services that Google offers to its customers.

Insight into jacando’s security poilicies – Information handling

All information assets must be classified according to their sensitivity level. Employees are responsible for handling and protecting information according to its classification. It is important to ensure that appropriate measures are taken to maintain confidentiality, integrity and availability.

Purpose Limitation

Customer-related data may only be used for the defined and necessary business purposes. Any usage not directly related to operational requirements is strictly prohibited.

Local Storage and Usage

Local storage and usage of customer data on personal devices or local servers are generally prohibited. All data must be stored and processed on the designated and secure company systems.

Dissemination & Sharing

The dissemination or sharing of customer data with external parties is strictly prohibited unless explicit approval is granted by the customer.

Exceptional Cases and Approval

In specific situations, local storage of customer data may be required, but prior approval from Timo Zimmermann or Alexander Pelka is essential. Unauthorized actions will be deemed policy violations.

Security and Accountability

Each employee is obligated to take security measures to protect customer-related data from unauthorized access or loss. It is the responsibility of each one to ensure compliance and protection.

Compliance duty

Failure to adhere to these guidelines may result in disciplinary measures and legal repercussions. We urge every individual to responsibly manage customer data and promptly report any uncertainties or concerns to management.

Our path to ISO 27001 certification

The implementation of an information security management system (ISMS) in accordance with the ISO 27001 standard comprises several steps, which are roughly outlined below:

Last updated on 07.05.2024

Defining preparation and responsibilities

Development of measures to deal with the identified risks. This can include the implementation of security controls, processes and guidelines.

Carry out initial analysis

Assessment of the current status of information security in the company. This includes the identification of assets, threats, vulnerabilities and risks.

Definition of the scope of application

Definition of the scope of application of the ISMS, i.e. which parts of the company and which information is to be covered.

Carry out risk assessment

Identification and assessment of risks in connection with the company's information and information systems of the company. This includes the definition of risk assessment criteria and the prioritization of risks.

Definition of risk assessment criteria

Prioritization of risks

Plan risk treatment

Development of measures to deal with the identified risks. This can include the implementation of security controls, processes and guidelines.

Documentation and implementation of controls

Creation of documents such as guidelines, procedural instructions and controls that fulfill the security requirements of ISO 27001. These controls should aim to mitigate the identified risks.

Documentation Security

ISO 27001 Compliance

Risk Mitigation

Security Documentation

Carry out internal audits

Conduct internal audits to ensure that the ISMS meets the requirements of the ISO 27001 standard and functions effectively.

Conduct management review

Regular assessment of the ISMS by management to ensure that it is appropriately implemented and effective. This includes reviewing key performance indicators and identifying opportunities for improvement.

Review of KPIs

Identification of opportunities for improvement

Certification preparation

Preparation for certification by an accredited certification body. This can include a comprehensive review of the ISMS and documentation of conformity with the ISO 27001 standard.

Obtaining and maintaining certification

Carrying out the certification audits by an external certification body and obtaining ISO 27001 certification. The ISMS must be continuously monitored and improved in order to maintain certification.

Safety @jacando

"Security by Design" is an approach that aims to integrate security aspects into the development process of products and systems, rather than treating them as an afterthought. This approach aims to ensure that security considerations are taken into account from the outset in all phases of product development.

Risk assessment

Identification of potential security risks and threats at an early stage of product development. This makes it possible to plan and implement appropriate security measures to mitigate these risks.

Security architecture

Safety requirements

Security checks

Training and awareness

Questions & Answers

FAQ on the topic of security & compliance

If you have any questions about the security of jacando, you can contact us or your administrators at any time for further information and to ensure that your data is adequately protected.

How secure is our data in a cloud HR tool?

jacando has implemented strict security measures to ensure the confidentiality, integrity and availability of your data. These include encryption technologies, access controls, regular security audits and compliance with industry standards such as ISO 27001.

Who has access to our HR data in the cloud?

How is data security guaranteed in a cloud HR tool?

What measures are taken to comply with data protection regulations?

Maximum security in the Google Cloud

The security of Google Cloud is an integral part of the services that Google offers to its customers.

Privacy & Security  in our Blog

Security and Compliance

Google Cloud Security - Maximum security and data protection compliance

Read how Google Cloud protects your data and meets all compliance requirements.