Security Center

Start your security review
View & download sensitive information
Ask for information
Search items

Overview

Effectory information security and privacy measures are designed and implemented to protect the personal data of employees of customers, and survey results of customers.

Effectory is ISO 27001 and ISO 27701 certified for the above scope. Effectory is SOC 2 Type 2 audited successfully. A standardized vendor questionnaire according to CSA CAIQ is also available. A comprehensive whitepaper is available explaining in much more detail all Effectory technical and organizational measures to protect customer data. Below the documents, a selection of Effectory technical and organizational measures are explained at high-level.

Access to all these documents can be requested via this site using the provided buttons. It is also possible to optionally subscribe to updates of this page, including when new certificates or other documents are available. If you choose not to use this site, then please ask your Effectory sales consultant or Effectory customer success manager directly to obtain the desired documentation.

Compliance

GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
ISO 27001 SoA Logo
ISO 27001 SoA
ISO 27701 Logo
ISO 27701
SOC 2 Logo
SOC 2
Start your security review
View & download sensitive information
Ask for information

Selection of customers that use and trust Effectory:

Jumbo Supermarkten-company-logoJumbo Supermarkten
PostNL-company-logoPostNL
Schiphol-company-logoSchiphol
bol.com-company-logobol.com
ANWB-company-logoANWB
Menzis-company-logoMenzis
Hogeschool Utrecht-company-logoHogeschool Utrecht
Achmea-company-logoAchmea
Rijnstate-company-logoRijnstate
Noordwest Ziekenhuisgroep-company-logoNoordwest Ziekenhuisgroep
BDO Nederland-company-logoBDO Nederland
München Klinik-company-logoMünchen Klinik
edding-company-logoedding
DPD-company-logoDPD
Royal FloraHolland-company-logoRoyal FloraHolland
Exact-company-logoExact
Catalana Occidente-company-logoCatalana Occidente
Icelandair-company-logoIcelandair
Hunkemöller-company-logoHunkemöller
Tony's Chocolonely-company-logoTony's Chocolonely
Capri-Sun-company-logoCapri-Sun
Kramp-company-logoKramp
Security Whitepaper
ISO 27001
ISO 27001 SoA
Pentest Report
SOC 2 Report
Vulnerability Assessment Report
ISO 27701
CAIQ

Risk Profile

Data Access LevelRestricted
Impact LevelLow
Critical DependenceNo
View more

Product Security

Audit Logging
Integrations
Multi-Factor Authentication
View more

Reports

Pentest Report
Security Whitepaper
SOC 2 Report
View more

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups Enabled
Encryption-at-rest
View more

App Security

Responsible Disclosure
Code Analysis
Credential Management
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Access Control

Data Access
Logging
Password Security

Infrastructure

Azure
BC/DR
Separate Production Environment

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response
View more

Network Security

Data Loss Prevention
DNSSEC
Firewall
View more

Corporate Security

Email Protection
Employee Training
HR Security
View more

Security Grades

SecurityScorecard
Effectory.com
Security Scorecard A grade
Qualys SSL Labs
My Effectory
A+
Survey questionnaires
A+
Security Headers
My Effectory
A
Survey questionnaires
A

Trust Center Updates

Effectory achieved SOC 2 Type II for 2023

GeneralCopy link

Effectory recently completed a SOC 2 Type II audit. This means independent, accredited auditors examined the Effectory technological and organizational controls for protecting customer data. The auditors' findings are that these controls are adequate for the data protection scope. Furthermore, the design, existence, and operating effectiveness of these controls are assessed with positive outcome during January 1, 2023, until September 30, 2023. The report can be downloaded on this site.

Published at N/A

Effectory transitioned to ISO 27001:2022

GeneralCopy link

Effectory successfully transitioned in April 2023 to the new ISO 27001:2022 standard - the recent major revision of information security from ISO since 2013. This replaces the previous ISO 27001:2013 standard. The new certificate awarded to Effectory is uploaded on this portal as well as the accompanying Statement of Applicability version 21. In addition to the existing controls, Effectory now also included all new controls of ISO 27001:2022 in the Statement of Applicability:

  • Threat intelligence
  • Information security for use of cloud services
  • ICT readiness for business continuity
  • Physical security monitoring
  • Configuration management
  • Information deletion
  • Data masking
  • Data leakage prevention
  • Monitoring activities
  • Web filtering
  • Secure coding
Published at N/A

Nebu update

GeneralCopy link

Effectory does NOT use Nebu software.

In light of the recent data breach in the news about questionnaire surveying tool from Nebu, Effectory wants to reassure its customers that Effectory does NOT use Nebu and never has. Effectory also does NOT use any other 3rd party questionnaire surveying tool.

Effectory develops all of its software components including survey questionnaire fully in-house by Effectory software development department. For this Effectory uses two sub processors: Microsoft Azure (for hosting web applications and data storage) and MailJet (for bulk sending survey invitation emails with links to Effectory questionnaire surveying tool). Effectory sub processors are located in EU/EEA and are subject to annual supplier review by Effectory.

More information can be found on this Trust Center portal of Effectory.

Published at N/A*
Powered bySafeBase Logo