Effectory information security and privacy measures are designed and implemented to protect the personal data of employees of customers, and survey results of customers.
Effectory is ISO 27001 and ISO 27701 certified for the above scope. Effectory is SOC 2 Type 2 audited successfully. A standardized vendor questionnaire according to CSA CAIQ is also available. A comprehensive whitepaper is available explaining in much more detail all Effectory technical and organizational measures to protect customer data. Below the documents, a selection of Effectory technical and organizational measures are explained at high-level.
Access to all these documents can be requested via this site using the provided buttons. It is also possible to optionally subscribe to updates of this page, including when new certificates or other documents are available. If you choose not to use this site, then please ask your Effectory sales consultant or Effectory customer success manager directly to obtain the desired documentation.
Effectory recently the SOC 2 Type II audit for 2024. This means independent register auditors examined the Effectory technological and organizational controls for protecting customer data. The auditors' findings are that these controls are adequate for the data protection scope. Furthermore, the design, existence, and operating effectiveness of these controls are assessed with positive outcome during January 1, 2024, until September 30, 2024. The report can be downloaded on this site.
Effectory recently completed a SOC 2 Type II audit. This means independent, accredited auditors examined the Effectory technological and organizational controls for protecting customer data. The auditors' findings are that these controls are adequate for the data protection scope. Furthermore, the design, existence, and operating effectiveness of these controls are assessed with positive outcome during January 1, 2023, until September 30, 2023. The report can be downloaded on this site.
Effectory successfully transitioned in April 2023 to the new ISO 27001:2022 standard - the recent major revision of information security from ISO since 2013. This replaces the previous ISO 27001:2013 standard. The new certificate awarded to Effectory is uploaded on this portal as well as the accompanying Statement of Applicability version 21. In addition to the existing controls, Effectory now also included all new controls of ISO 27001:2022 in the Statement of Applicability:
- Threat intelligence
- Information security for use of cloud services
- ICT readiness for business continuity
- Physical security monitoring
- Configuration management
- Information deletion
- Data masking
- Data leakage prevention
- Monitoring activities
- Web filtering
- Secure coding
Effectory does NOT use Nebu software.
In light of the recent data breach in the news about questionnaire surveying tool from Nebu, Effectory wants to reassure its customers that Effectory does NOT use Nebu and never has. Effectory also does NOT use any other 3rd party questionnaire surveying tool.
Effectory develops all of its software components including survey questionnaire fully in-house by Effectory software development department. For this Effectory uses two sub processors: Microsoft Azure (for hosting web applications and data storage) and MailJet (for bulk sending survey invitation emails with links to Effectory questionnaire surveying tool). Effectory sub processors are located in EU/EEA and are subject to annual supplier review by Effectory.
More information can be found on this Trust Center portal of Effectory.