We have always taken our customers’ data seriously. That is why we place the highest value on security. With the passed ISO 27001 certification as well as the successful tests according to BSI C5 and SOC 2, we objectively and credibly prove the effectiveness of our security processes and measures as well as transparency and integrity.
Why certified security is important
As the developer of the web-based alerting platform GroupAlarm, we are confronted with a large amount of confidential information and data from our customers on a daily basis. These include content such as alarm texts, messenger messages, deployment diaries and personal data with particularly sensitive characteristics. Particularly with such critical information, data privacy and IT security must meet the highest requirements, because the aspects of confidentiality, availability and integrity are top priorities not only according to our self-image as a reliable provider, but also for many customers.
In order to obtain objective proof of responsible handling of customer data, we decided last year to seek ISO 27001 certification as well as BSI C5 and SOC 2 testing. With success. Just recently, the independent auditing firm HKKG from Cologne certified us as of January 31 of this year for both compliance with the BSI’s minimum requirements from the Cloud Computing Compliance Criteria Catalogue (C5) and compliance with Service Organization Control 2 (SOC 2 Controls). GroupAlarm achieved another milestone - certification to the international standard ISO/IEC 27001:2013 by TÜV Rheinland - on April 24, 2023.
What does the BSI C5 testing mean?
The German Federal Office for Information Security (BSI) C5 criteria catalog specifies minimum requirements primarily aimed at professional cloud providers, their auditors and customers. The main objective of this 125 criteria catalog is to create more transparency with regard to information security and data protection in cloud computing. Through BSI C5 testing, we have proven that GroupAlarm meets the minimum requirements of the catalog. Among other things, this ensures that operational processes are audited and monitored, transactions are traceable, adequate safeguards against cyberattacks are in place, and data is reliably available and usable. Evidence was provided in a report by the independent auditing firm HKKG from Cologne. We are particularly proud that GroupAlarm was the first SaaS provider for alerting to receive BSI C5 attestation.
What are the benefits of SOC 2 compliance?
SOC 2 compliance is a major standard set by the American Institute of CPAs (AICPA), the body that establishes ethical standards and U.S. auditing standards. Although compliance with the SOC 2 standard is voluntary, it has become an important framework for evaluating data security, resilience, and privacy. Clear guidelines and rigorous audits by qualified auditors ensure that organizations can address the specific threats in their sector - taking into account their existing security practices and business objectives.
Since our focus is also on the international market, we subjected GroupAlarm to a SOC 2 audit. This audited the criteria of security, availability, processing integrity, confidentiality and data protection. Reliable implementation of SOC 2 provides evidence to both business partners and customers internationally that GroupAlarm has a robust cybersecurity and data protection program in place, enabling us to prevent major security incidents.
Milestone: ISO 27001 Certification
ISO/IEC 27001 is an internationally recognized standard for an information security management system (ISMS) and is considered the most important certification in the cybersecurity field. The standard defines requirements for the implementation, further development and ongoing control of an ISMS to ensure the overriding protection goals of availability, confidentiality and integrity of information. With the ISO 27001 certification, the certification authority TÜV Rheinland AG confirms that GroupAlarm has implemented and applies an information security management system for development, operation and support. As part of the certification process, we first reviewed our internal processes and created a comprehensive Information Security Management System (ISMS) manual in accordance with DIN EN ISO 27001:2013. During the certification process, additional technical and organizational measures were implemented, focusing on the internal handling of information and personal data. Finally, the external audit was conducted by TÜV Rheinland. With ISO 27001 certification we ensure continuous improvement of our processes. So this is not just a one-time survey, but a continuous process standard that is reviewed and audited by external auditors.
What we learned during the certification/testing process
The successful testing of the BSI C5 and SOC 2 criteria as well as the receipt of the ISO 27001 certification are important milestones for us to meet the high requirements of our customers, partners and ourselves in a professional and secure manner. For example, we ensure greater transparency by complying with the BSI’s C5 catalog of requirements. Consideration of the SOC 2 criteria helps us to minimize risks and strengthen the trust of customers and partners. With ISO 27001 certification, we signal reliability and thus have an effective tool for managing information security.
The successful completion of the certification and testing process has taught us a lot as an organization, but also as a team. Probably the most important insight is that security is not a state, but an ongoing process. Particularly in the area of cybersecurity, where the technical framework is constantly changing, there is always something to be optimized. This is precisely why we see security and data protection as a permanent improvement process. Receiving BSI C5 and SOC 2 attestation as well as ISO 27001 certification confirms that we can offer our customers the highest level of security and trust.