Security and trust: How we ensure compliance and protect data 

Fredrik Lernevall

Written by Fredrik Lernevall, Information Security Manager at Penneo
Publishing date: 29 October 2024

In an era where data protection and compliance are critical for every business, it’s essential to understand how companies like Penneo are dedicatedly working in these areas. With over 3000 companies putting their trust in Penneo, including Big 4 accounting firms, it’s not just our technology and user friendliness that sets us apart, but also our commitment to upholding the best practice standards for information security and privacy.

The Importance of ISO Certifications

ISO 27001 and ISO 27701 are among the most recognized global standards for information security and data protection. Our ISO certifications are fundamental for us, as they are proof that we have the right measures in place to protect our customers’ data, provide reliable services, and continuously work on further enhancing our security efforts in an ever changing environment. Furthermore, they serve as a quality stamp on our data protection efforts.

ISO 27001 covers a wide range of information security measures, while ISO 27701 focuses on privacy and personal data, which is critical in light of GDPR.

Best Practices and Industry Standards

We follow the standards set by ISO 27001 and ISO 27701, ensuring comprehensive protection across organisational, technical, and physical domains.

Robust Security Framework with ISO 27001

ISO 27001 encompasses mandatory management controls, as well as further controls, which are grouped into four categories:

  • Organisational controls
  • People controls
  • Physical controls
  • Technological controls

Examples of these measures include ISMS policies, access control, backups, encryption, and awareness training.

Comprehensive Privacy Protection with ISO 27701

Building on ISO 27001, ISO 27701 introduces privacy-specific requirements for organisations acting as controllers and/or processors of personal data. Penneo adheres to both, ensuring lawful data processing, consent management, privacy by design and default, and efficient handling of data access, correction, and erasure requests.

Our customers’ require us to ensure confidentiality and the integrity of their data as well as a reliable service that ensures the availability of that same data. Also, since our customers are based within the EU and need to be GDPR compliant, they extend that requirement to their vendors and therefore need assurance about our compliance. ISO 27001 and 27701 make sure we at Penneo cover all those aspects that are so very important to our customers.

Building trust and security

One of the major advantages of Penneo is our ability to integrate these security standards into our daily operations, ensuring that both large and small customers experience a secure and reliable service. Our clients choose us not only for our technology but also for the trust and security we offer through our certifications and our accessibility.

Besides certifications, Penneo is known for its high level of service. Our strong support team and dedicated account managers are always ready to assist and tailor solutions that meet specific needs. As a company, our top priority is to protect your data and ensure compliance. By choosing Penneo, you can be assured that your data is handled with the utmost care and protection, supported by leading industry standards and a knowledgeable support system.

Explore more resources

eIDAS 2.0

Die Novellierung der eIDAS-Verordnung: Bedeutung für digitale Transaktionen und Identitätsverifizierung

READ MORE

9 Empfehlungen für die Wahl eines geeigneten KYC-Systems

READ MORE

Geldwäschegesetz-Konformität in der Buchhaltungsbranche

READ MORE