Security and trust: certifications and GDPR compliance
A detailed overview of absentify’s security certifications, GDPR compliance, and robust data protection policies.
absentify is committed to maintaining the highest standards of security and privacy through rigorous certifications and comprehensive data protection measures. This document provides an in-depth look at our ISO 27001 and Microsoft 365 App Certifications, their alignment with other standards like SOC 2, and our GDPR compliance practices.
Certifications overview
ISO 27001: comprehensive information security and management systems
The ISO 27001 certification confirms that absentify has implemented an effective Information Security Management System (ISMS) to protect the confidentiality, integrity, and availability of information. Key components include:
Establishing and operating an ISMS
- Policy development and documentation:
  - Clear guidelines for data handling and security objectives.
  - Defined processes for achieving and maintaining compliance.
- Asset management:
  - Identification of critical information assets and their protection.
  - Risk-based prioritization of safeguards.
- Continuous improvement:
  - Ongoing internal audits and management reviews.
  - Regular updates to address evolving threats.
Technical and organizational security measures
- Risk management:
  - Systematic identification and mitigation of security risks.
  - Proactive measures to address vulnerabilities.
- Access and permissions management:
  - Role-based access control with regular reviews.
  - Multi-factor authentication to ensure secure access.
- Technical defenses:
  - Use of encryption, firewalls, and intrusion detection systems.
  - Regularly updated measures to address emerging threats.
Incident response and business continuity
- Incident management: Defined processes for reporting, resolving, and analyzing security incidents.
- Disaster recovery: Tested recovery plans to maintain operational continuity.
- External audits: Annual reviews and recertifications every three years by accredited bodies.
Microsoft 365 App Certification: trusted application security
Microsoft’s annual App Certification process ensures that applications meet stringent security, compliance, and privacy standards.
Application security: protection throughout development
- Secure development lifecycle (SDL):
  - Implementation of best practices during development to prevent vulnerabilities such as SQL injection or configuration errors.
  - Regular code reviews and automated security testing.
- Vulnerability management:
  - Regular vulnerability scans and penetration tests.
  - Defined timeframes for resolving identified issues.
- Code assessments and security reviews:
  - Conducted by Microsoft employees or external security experts.
  - Verification of compliance with Microsoft’s security guidelines.
Operational security: securing application operations
- Access control and authentication:
  - Enforcement of multi-factor authentication for all access points.
  - Regularly audited role-based access permissions.
- Logging and monitoring:
  - Comprehensive logging of security-related events.
  - Real-time monitoring to identify and address potential threats.
- Incident management:
  - Validated recovery plans to restore services in the event of a security breach.
Data handling and privacy: safeguarding user data
- Data encryption:
  - End-to-end encryption using TLS 1.2+ for communications and AES-256 for data at rest.
- Data minimization and transparency:
  - Collection limited to what is strictly necessary for operations.
  - Clear and user-friendly privacy policies to ensure transparency.
For more information, refer to Microsoft’s App Certification details.
GDPR compliance and data protection policies
absentify ensures full compliance with GDPR, providing secure, transparent, and user-centric data handling.
GDPR highlights
- Data Processing Agreement (DPA): Customers can download and sign our DPA to formalize compliance.
- Transparent practices: Users retain full control over their personal data, with clear options for access, modification, or deletion.
- Incident reporting: Data protection incidents are reported to supervisory authorities within 72 hours, in accordance with GDPR guidelines.
Data retention and deletion policies
Immediate deletion
When a company deletes its account, all related data is removed from active systems immediately.
Important: Deletion is irreversible. Once completed, data cannot be recovered.
Backup retention
Encrypted backups are maintained for 14 days for disaster recovery purposes, after which they are securely overwritten.
This retention policy allows for a brief recovery window while ensuring permanent data deletion.
Alignment with SOC 2 and other standards
Our certifications align with SOC 2 Trust Service Criteria (TSC), ensuring:
- Security: Controls like access management, encryption, and real-time monitoring safeguard data.
- Availability: Business continuity plans ensure service reliability and uptime.
- Confidentiality and privacy: GDPR compliance ensures secure and lawful data handling.
Why this matters
The combination of ISO 27001, Microsoft 365 App Certification, SOC 2 alignment, and GDPR compliance underscores our dedication to protecting your data. With transparent practices, regular audits, and cutting-edge security measures, you can trust absentify to handle your information responsibly.
For further details, contact us at support@absentify.com or visit our Privacy Policy.