Security Center

Get access to this Security Center
  • Review sensitive security details
  • Unlock documents
  • Ask for more information
  • Reclaim access anytime
Had access before? Reclaim access

Overview

Effectory information security and privacy measures are designed and implemented to protect the personal data of employees of customers, and survey results of customers.

Effectory is ISO 27001 and ISO 27701 certified for the above scope. Effectory is SOC 2 Type 2 audited successfully. A standardized vendor questionnaire according to CSA CAIQ is also available. A comprehensive whitepaper is available explaining in much more detail all Effectory technical and organizational measures to protect customer data. Below the documents, a selection of Effectory technical and organizational measures are explained at high-level.

Access to all these documents can be requested via this site using the provided buttons. It is also possible to optionally subscribe to updates of this page, including when new certificates or other documents are available. If you choose not to use this site, then please ask your Effectory sales consultant or Effectory customer success manager directly to obtain the desired documentation.

Compliance

GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
ISO 27701 Logo
ISO 27701
SOC 2 Logo
SOC 2
SOC 3 Logo
SOC 3
Get access to this Security Center
  • Review sensitive security details
  • Unlock documents
  • Ask for more information
  • Reclaim access anytime
Had access before? Reclaim access

Selection of customers that use and trust Effectory:

Jumbo SupermarktenJumbo Supermarkten
PostNLPostNL
SchipholSchiphol
bol.combol.com
ANWBANWB
MenzisMenzis
Hogeschool UtrechtHogeschool Utrecht
AchmeaAchmea
RijnstateRijnstate
Noordwest ZiekenhuisgroepNoordwest Ziekenhuisgroep
BDO NederlandBDO Nederland
München KlinikMünchen Klinik
eddingedding
DPDDPD
Royal FloraHollandRoyal FloraHolland
ExactExact
Catalana OccidenteCatalana Occidente
IcelandairIcelandair
HunkemöllerHunkemöller
Tony's ChocolonelyTony's Chocolonely
Capri-SunCapri-Sun
KrampKramp

Documents

All
Public
Private
Security Whitepaper
ISO 27001
ISO 27001 SoA
Pentest Report
SOC 2 Report
SOC 3 Report
Vulnerability Assessment Report
ISO 27701
SOC 2
SOC 3
CAIQ

Risk Profile

Data Access LevelRestricted
Impact LevelLow
Critical DependenceNo
See more

Product Security

Audit Logging
Integrations
Multi-Factor Authentication
See more

Reports

Pentest Report
Security Whitepaper
SOC 2 Report
See more

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups Enabled
Encryption-at-rest
See more

App Security

Responsible Disclosure
Code Analysis
Credential Management
See more

Legal

SubprocessorsMicrosoftMailjetEffectory
Cyber Insurance
Data Processing Agreement
See more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Azure
BC/DR
Separate Production Environment

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
See more

Network Security

Data Loss Prevention
DNSSEC
Firewall
See more

Corporate Security

Email Protection
Employee Training
HR Security
See more

Security Grades

SecurityScorecard
Effectory.com
Security Scorecard A grade
Qualys SSL Labs
My Effectory
A+
Survey questionnaires
A+
Security Headers
My Effectory
A
Survey questionnaires
A

Trust Center Updates

Effectory transitioned to ISO 27001:2022

GeneralCopy link

Effectory successfully transitioned in April 2023 to the new ISO 27001:2022 standard - the recent major revision of information security from ISO since 2013. This replaces the previous ISO 27001:2013 standard. The new certificate awarded to Effectory is uploaded on this portal as well as the accompanying Statement of Applicability version 21. In addition to the existing controls, Effectory now also included all new controls of ISO 27001:2022 in the Statement of Applicability:

  • Threat intelligence
  • Information security for use of cloud services
  • ICT readiness for business continuity
  • Physical security monitoring
  • Configuration management
  • Information deletion
  • Data masking
  • Data leakage prevention
  • Monitoring activities
  • Web filtering
  • Secure coding
Published at N/A

Nebu update

GeneralCopy link

Effectory does NOT use Nebu software.

In light of the recent data breach in the news about questionnaire surveying tool from Nebu, Effectory wants to reassure its customers that Effectory does NOT use Nebu and never has. Effectory also does NOT use any other 3rd party questionnaire surveying tool.

Effectory develops all of its software components including survey questionnaire fully in-house by Effectory software development department. For this Effectory uses two sub processors: Microsoft Azure (for hosting web applications and data storage) and MailJet (for bulk sending survey invitation emails with links to Effectory questionnaire surveying tool). Effectory sub processors are located in EU/EEA and are subject to annual supplier review by Effectory.

More information can be found on this Trust Center portal of Effectory.

Published at N/A*
Powered BySafeBase Logo