Security first  

We believe that every SaaS Company should start their compliance journey by implementing a rigorous Information Security Management System (ISMS). At Compleye, we advise our clients to integrate the ISO27001 norm in the core of their compliance processes. An external auditor once referred to the ISO27001 as ‘Your licence to operate’. We stand by that statement, and we believe that the ISO27001 certification enables immediate trust between your company and your customers. And because we practise what we preach, Compleye is currently engaged in the final preparations for our own ISO 27001 certification. We are thrilled about it and we can’t wait to share the good news with you in November 2022. 

List of Sub processors: 

Security Documents – available upon request 

  • Security Policy 
  • ISO27001 – Statement of Applicability  
  • External Auditor  
    https://www.dnv.com/  

Privacy next 

Without an adequate security system, you can’t protect the privacy of your customers and end-users. Being compliant with GDPR is part of our ISMS. In 2022 we implemented a PIMS (Privacy Information Management System) for one of our SuperCoolCustomers  https://compleye.io/compleye-assists-scale-up-moove-in-navigating-the-journey-to-iso-27701/ following the ISO27701 requirements. This is an example of the highest level of legal compliance; every nitty-gritty-detail of the GDPR needs to be documented and verified. We are extremely proud that Compleye could be part of this certification with our expert privacy officers making sure every ‘i’ was dotted and every ‘t’ crossed.  

Compleye has also adopted the ISO27701 best practices. 

  • Compliance with the GDPR requirements and the relevant data protection legislation and/or regulation during the development and maintenance of the ISMS framework. 
  • Appointment of the Privacy Officer as a point of contact for use by the customer regarding the processing of personal data. 
  • Implementation of a data classification system taking into consideration the processed personal data. 
  • Adoption of the appropriate measures, including awareness of incident reporting, to ensure that the staff members are aware of the possible consequences of breaching privacy or security policies and procedures. 
  • Implementation of the policies and procedures to address the requirements for backup, recovery and restoration of personal data.  
  • Implementation of appropriate controls to safeguard the principles of privacy by design and privacy by default. 
  • Implementation of appropriate controls and procedures to identify and report personal data breaches. 
  • Identification of interested parties, in particular of those that have interests or responsibilities associated with the processing of personal data, including data subjects. 
  • Implementation of controls to ensure that the data processed on behalf of a customer are only processed for the purposes instructed by the customers. 
  • Implementation of controls and processes to assist customers in meeting their obligations under the GDPR and any other relevant laws and regulations. 
  • Maintenance of up-to data registry of data processing activities. 
  • Implementation of adequate organisational and technical arrangement to comply with the data subject rights requests. 
      • Implementation of controls and processes to engage, change and disclose the use of sub-processors. 
      • Implementation of controls to respect the data retention reequipments. 
      • Documentation of policies, procedures and/or mechanisms for the disposal of personal data. 
      • Adoption of appropriate security and technical controls designed to ensure that the data reaches its intended destination. 
      • Identification and documentation of the relevant basis for transfers of personal data between jurisdictions. 

      Privacy Documents: 
      Cookies Notice – https://compleye.io/cookies-notice/ 
      Privacy Policy – https://compleye.io/privacy-policy/ 
       
      Quality last but not least 
      We work hand-in-hand with our clients and make sure that we have customer feedback loops in place for all of our platform tools and all of our services.  

      Quality Documents 
      Terms of Use – https://compleye.io/terms-of-use/ 
      Terms & Conditions – https://compleye.io/terms-conditions/ 

      Pagina-einde 

      Compliance is the New Operational Excellence 

       Our start-upper package supports the control of our operations: HR, suppliers, HW assets and SW access as a first step on the compliance roadmap. After implementing a security and privacy framework, we will close the compliance circle by adopting the ISO9001 requirements. All evidence is stored in one platform, combining policies and procedures, improvements, assessments and controls creating a holistic view of our product and services with regards to security, privacy and quality.  

      More information:  

      Please contact our Compliance Officer  Amandine@compleye.io