As the Information Security & Compliance Officer at CaféX, it’s my responsibility to ensure that both our business and customer data remains confidential, available and secure, and maintains its integrity. With that in mind, I wanted to provide you with a quick update on our ISO27001 certification and GDPR.
We have successfully passed our Internal Audit with Agenci, meaning we’re now assured to the ISO27001:2013 standard. We have also just passed our stage 1 audit with the BSi, and will be completing our final stage 2 audit in June 2018.
It’s been fantastic to watch the business develop since implementing these standards, with our employees and contractors now more risk aware than ever. It gives me great pride to have been involved in the exercise, and thanks again to Agenci for all of their support.
Now on to GDPR. Long story short, we’re ready! With a few minor final changes to our privacy policies, and following a formal notification to our customers, our preparation will be complete.
Information on our compliance is available on our dedicated Security and Compliance site: https://compliance.cafex.com.
Our employees have undertaken GDPR awareness training so they understand their obligations, and as a SaaS company we’ve always been mindful of developing applications and services with security in mind. The GDPR will only help us get better.
We, like all companies, should embrace GDPR, giving our customers and employees even more protection with regards to personal information and privacy.
We will be celebrating the GDPR on the 25th May. Look out for some pictures on our social media channels! Follow us at @cafexcomms on Twitter, check out our Facebook page or visit our LinkedIn profile.
If you have any questions relating to GDPR, subject access or right to be forgotten requests, please email firstname.lastname@example.org.