A certification audit conducted in October 2015, confirmed that BeeOffice solutions available in the cloud, BCC ECM and Edistrada meet the stringent standards for protection of stored data, contained in ISO 27018.
The certification unit of TÜV NORD Poland conducted the audit. The audit concerned the application offered to companies and institutions in the SaaS (Software as a Service) model. These include BeeOffice – innovative employee self-service portal for companies of all sizes, BCC Enterprise Content Management – solution supporting the flow of information and document management, as well as Edistrada – flexible platform for business data exchange. BeeOffice, BCC ECM and Edistrada are developed within the BCC Software Factory and maintained, based on the secure infrastructure of BCC Data Centers.
The auditors from TÜV NORD examined all technological and organizational aspects of maintenance, development and implementation of the application, which affect the safety and confidentiality of processed data. The subject of the audit constituted such process as:
- system for creating and maintaining backup data
- data encryption (both at the level of storage and transmission)
- management of changes in applications (among others the separation of the development, testing and production environments, and process of issuing a new version of the application)
- registration of users and administrators activity
- management of users accounts and their rights
The audit confirmed that the practices used in BCC meet the restrictive standards set out in ISO 27018.
“Using our products in the cloud, customers process data requiring special protection. These include for example – employees data in BeeOffice, agreements with contractors archived in BCCECM, transaction data with key customers on Edistrada platform. Now, thanks to the ISO 27018 certificate, our customers shall obtain an additional, independent guarantee of their security and confidentiality” – said Michał Kunze, Director of Software Development BCC.
The ISO 27018 certificate obtained by BCC extends the scope of functioning in BCC Information Security Managements System, in compliance with ISO 27001. ISO 27001 covers all issues related to protection created, stored, as well as information processed within the company. Its purpose is to verify and strengthen security while taking into account sources of threats, which may be people, business processes and technology.