Data security is our top priority. Within any area that affects IT security, we have well-established procedures that secure your data.
Conference Manager is now fully ISO 27001 certified
At Conference Manager, it is our top priority to protect our data, systems and services. To ensure that safety is an integral part of all our actions, we have implemented the ISO 27001 standard. In practice, this means that we consider security aspects in all our actions, from the separation of operations and development to the way we handle customer service.
ISO 27001 certification
Conference Manager is ISO 27001 certified. ISO 27001 is an international standard defined by the International Organization for Standardization (ISO), which describes a framework for information security management in order to ensure the confidentiality, integrity and availability of the company's information.
An important part of the work to achieve the desired level of safety is continuous risk assessment. The ISO standard focuses on whether the company continuously improves its information security through risk assessments as well as monitoring and reporting.
To be certified in ISO 27001, the company's management system must be reviewed annually by an external auditor. With the certification, we can provide stakeholders with documentation of a high level of safety.
Our customers’ data is safe with us
First and foremost, it is important that our customers are completely confident in leaving their data with us. They must be able to focus on their business and not worry about how their data is processed. As a data processor, we often handle sensitive information, which gives us a high-risk profile regarding data security management. It is therefore important that we have a standard that supports our process, in order to continuously maintain and improve our safety. With our ISO 27001 certification, we now have documentation of this.
In order to maintain our ISO 27001 certification, we will be audited annually, and every third year we must be re-certified. The evaluation and certification process has been carried out by DNV GL, which is one of the leading global providers of accredited management system certification.
Security is mandatory, but the documentation is voluntary
The entire Conference Manager organization is subject to the ISO 27001 system, and everything we do is subject to extensive security measures. When using Conference Manager, the security automatically follows.
The documentation that we comply with the safety standard and our associated SoA (Statement of Applicability) can be forwarded if you wish. If your organization requires you to have documentation of the security measures that have been implemented, and documentation that we always comply with the requirements, you must have a subscription to our security package, which ensures that you receive a copy of our official certificate and the related certified document describing the specific security measures (SoA).
Activities are automatically logged
All participants' actions are recorded, ensuring a solid overview down to the smallest detail.
We are always at the disposal of your organisation's data security expert to guarantee compliance with security policies. Our extensive experience in the field allows you to quickly describe a policy for how Conference Manager processes your confidential data.
Conference Manager is encrypted via TLS (HTTPS). The encryption certificates are often updated and the keys are also changed according to set standards. Whether it is the setup and management of events or the participants' enrolment process, data is completely secured when using Conference Manager.
As a starting point, we save data for 6 months after your event has been organised, in order to meet the typical legislation. Should the need be different, our standard packages contain data storage for 6, 24 or 60 months. All data is stored in Conference Manager's own data centre, and we do not use external parties for operation or hosting. Thus, we have no data located outside the EU/EEA.
GDPR - EU Data Protection Regulation
It is now well-known that the EU Data Security Regulation, also known as the Personal Data Regulation, entered into force on May 25, 2018.
Everyone must therefore have a data processing agreement that complies with the requirements of GDPR. In practice, it is impossible to achieve a satisfactory GDPR implementation without IT systems that match the regulatory requirements. This means, among other things, that you should be able to:
- ensure that informed consent (and in some cases explicit consent) is obtained for the processing of personal data
- allow for revocation / cancellation of consent to the processing, unless the processing is required by law
- ensure transparency in processing so that individuals can be accurately informed of how and for what purpose their personal data are processed
- ensure documentation of who has had access to personal data
- allow people to delete their data
Conference Manager enables you to easily comply with the regulations. Without the use of a specific IT system, it becomes an almost impossible task.
Data processing agreement
Conference Manager has no independent right to your data. It is you, as our customer, who is the data controller for the content you provide in Conference Manager, and therefore you are required to ensure that we meet our obligations.
Therefore, we conclude a data processing agreement with all our customers. It is an integral part of our agreement. The data processing agreement ensures that:
- It is described how and for how long we process and store your data
- Clear instructions have been given about what Conference Manager must do with your data, how, and what must be ensured
- We have established (and continuously ensure) appropriate security measures
- Data can only be processed within the EU / EEA
- The type and categories of data are described based on your specific events
- Employees who may come into contact with data are subject to confidentiality
- We provide assistance to you if you have to provide information to authorities or registered persons, etc.
- We delete your data permanently in accordance with our agreement, and at the latest when the agreement ends