There are strict security requirements in all aspects of our business. Furthermore, we have implemented procedures to ensure that the data is stored and encrypted and is inaccessible to third parties. You can read more about our hosting environment under the tab “Data Storage”.
All connections to and from Penneo undergo encryption, and security controls are implemented, which ensure that any irregularities are discovered. This guarantees that the data you send and receive from Penneo is securely exchanged. All documents that are sent to Penneo are naturally stored encrypted, and the encryption is done with 256-bit AES-keys.
Penneo’s solution is based on the recommended standards from the European Telecommunications Standards Institute (ETSI, www.etsi.org), among others. In Denmark, we utilize the infrastructure behind NemID to ensure the identity of the individual signatories, in the same manner that is used in Danish online banking. Furthermore, we work with a number of trusted third party systems, which helps to ensure the integrity of our evidence chains.
Penneo allows documents to be stored in the recommended ISO certified (ISO 19005-1:2005) PDF/A-1 format, which is ideal for long-term storage of electronic documents – if the original PDF document meets the necessary standard.
The documents uploaded to the Penneo system must be supplied in the standard PDF format, and are ultimately returned as a PAdES-PDF. This file then contains all the signatures’ evidence, and the file is locked to changes and is enabled for long-term storage, Long Term Validation (LTV).
You can see an example of a signed document with Penneo by clicking here (Should be opened in Adobe Reader).
All employees at Penneo must have no criminal record and must undergo a background check before employment. Each employee only has access to what is absolutely necessary for the employee to perform their work, essentially operating on a strict ‘need to know basis’, ensuring that only specifically authorized employees have the ability to access critical data in the application. At the same time, it is not possible for an employee to perform work on the Penneo system without leaving a digital fingerprint, which shows all the actions that were taken.
External Safety Analyzes
We have safety analyzes available, which are prepared by an independent third party, the Alexandra Institute.
You can read more about the certifications for our hosting environment here
For continuous testing, we work with Crowdcurity.com, which ensures that our system is continuously tested by security experts from around the world.