The security of our data, policies and customer information is our top priority at DueDil.
We are committed to the protection of personal data and the fundamental rights of data subjects, in compliance with relevant laws such as the General Data Protection Regulation (GDPR). In order to support a robust approach to personal data protection and information security in general, DueDil has adopted recommendations by supervisory authorities and industry best practices.
DueDil has implemented an information security management system (ISMS), achieving ISO/IEC 27001 certification in 2015. The scope of our ISMS covers all areas of the business, and we are constantly striving to advance our policies and procedures. In particular, we are expanding our security controls based on ISO/IEC 27002:2013 to include recommendations set out in ISO/IEC 29151:2017, a recently published standard that provides guidance for the protection of personally identifiable information.
We have recently expanded our policies and procedures related to all information assets containing personal data to ensure data protection by design, as well as to meet other GDPR requirements. In particular, we are conducting data protection impact assessments in line with the recently published standard ISO/IEC 29134:2017.
The security and privacy landscape is continually evolving, and we will strive to be at the forefront of best practices and policies.