Today I wanted to provide an update on CafeX’s Security and Compliance initiatives since I last wrote.
It has been a busy few months preparing for GDPR and ISO 2700 certification. May 25th, 2018 seems a long time ago, but our efforts to ensure we were ready for the GDPR review have been successful. We updated a few internal processes along with our privacy policies, but it was great to see that the hard work had already been done for the most part.
We successfully completed our Stage 2 audit by British Standards Institute in September and are waiting for the certificate to be issued. We had 7 days of intense auditing from BSI onsite in Cardiff. The final result was 3 minor non-conformities that have all now been resolved.
Our US office audit is scheduled for November 2018, which will complete the entire process.
Keeping our customers’ information safe and confidential is of utmost importance to us, and this certification demonstrates our commitment to maintaining a high standard for information security management throughout our organization.
CafeX is now undertaking SOC2 Type 2 certification for all of our software-as-a-service (SaaS) products. The kickoff for this happened in late September, and we hope to achieve full certification by March 1st, 2019.
Information on our compliance is available on our dedicated Security and Compliance site: https://compliance.cafex.com.
If you have any questions around our Information Security programs, please contact email@example.com.