Data security is our top priority. Within any area that affects IT security, we have well-established procedures that secure your data.
Conference Manager is now fully ISO 27001 certified
At Conference Manager, it is our top priority to protect our data, systems and services. To ensure that safety is an integral part of all our actions, we have implemented the ISO 27001 standard. In practice, this means that we consider security aspects in all our actions, from the separation of operations and development to the way we handle customer service.
ISO 27001 certification
Conference Manager is ISO 27001 certified. ISO 27001 is an international standard defined by the International Organization for Standardization (ISO), which describes a framework for information security management in order to ensure the confidentiality, integrity and availability of the company’s information.
An important part of the work to achieve the desired level of safety is continuous risk assessment. The ISO standard focuses on whether the company continuously improves its information security through risk assessments as well as monitoring and reporting.
To be certified in ISO 27001, the company’s management system must be reviewed annually by an external auditor. With the certification, we can provide stakeholders with documentation of a high level of safety.
Our customers’ data is safe with us
First and foremost, it is important that our customers are completely confident in leaving their data with us. They must be able to focus on their business and not worry about how their data is processed. As a data processor, we often handle sensitive information, which gives us a high-risk profile regarding data security management. It is therefore important that we have a standard that supports our process, in order to continuously maintain and improve our safety. With our ISO 27001 certification, we now have documentation of this.
In order to maintain our ISO 27001 certification, we will be audited annually, and every third year we must be re-certified. The evaluation and certification process has been carried out by DNV GL, which is one of the leading global providers of accredited management system certification.
Mandatory data protection package
When you purchase a license at Conference Manager, you also receive our mandatory data protection package, which ensures that your company complies with current legislation and at the same time can document how your data and your participants’ data is handled.
Conference Manager’s data protection package contains the following documents:
- Executive summary: A summary covering your company’s use of Conference Manager and an assessment of 12 sections, in which we evaluate whether the use of the system complies with the law, recommended security measures, etc. The report is based on a concrete assessment of your specific events, review of registration pages, boxes employed, the basis for contract, security functions, etc. The report also contains the management’s confirmation that personal data during the last reporting period has only been processed within the EU, and that we never use sub-data processors or cloud services.
- Statement of Applicability: Overview of all the security measures implemented by Conference Manager, cf. ISO 27001, and which are stated in the ISO 27001 certificate. The document contains more than 15 pages of descriptions and references to international standards, so that direct inspection of compliance with safety requirements can be made by authorities and companies, also complying with international security standards.
- ISO/IEC 27001:2013 certificate issued by DNV-GL
- GDPR-compliance statement issued by DNV-GL
Activities are automatically logged
All participants’ actions are recorded, ensuring a solid overview down to the smallest detail.
We are always at the disposal of your organisation’s data security expert to guarantee compliance with security policies. Our extensive experience in the field allows you to quickly describe a policy for how Conference Manager processes your confidential data.
Conference Manager is encrypted via TLS (https). The encryption certificates are often updated and the keys are also changed according to set standards. Whether it is the setup and management of events or the participants’ enrolment process, data is completely secured when using Conference Manager.
As a starting point, we save data for 6 months after your event has been organised, in order to meet the typical legislation. Should the need be different, our standard packages contain data storage for 6, 24 or 60 months. All data is stored in Conference Manager’s own data centre, and we do not use external parties for operation or hosting. Thus, we have no data located outside the EU/EEA.
GDPR – EU-Data Protection Regulation
It is now well-known that the EU Data Security Regulation, also known as the Personal Data Regulation, entered into force on May 25, 2018.
Everyone must therefore have a data-processing agreement that complies with the requirements of GDPR. In practice, it is impossible to achieve a satisfactory GDPR implementation without IT systems that match the regulatory requirements. This means, among other things, that you should be able to:
- ensure that informed consent (and in some cases explicit consent) is obtained for processing personal data
- allow for revocation / cancellation of consent to the processing, unless the processing is required by law
- ensure transparency in processing so that individuals can be accurately informed of how and for what purpose their personal data are processed
- ensure documentation of who has had access to personal data
- allow people to delete their data
Conference Manager enables you to easily comply with the regulations. Without the use of a specific IT system, it becomes an almost impossible task.
Data processing agreement
Conference Manager has no independent right to your data. It is you, as our customer, who is the data controller for the content you provide in Conference Manager, and you are therefore required to ensure that we meet our obligations.
Therefore, we enter into a data processing agreement with all our customers. It is an integral part of our agreement. The data processing agreement ensures that:
- It is described how and for how long we process and store your data
- A clear instruction has been given about what Conference Manager must do with your data, how it must do it, and what it must ensure
- We have established (and continuously ensure) appropriate security measures
- Data can only be processed within the EU / EEA
- The type and categories of data are described based on your specific events
- Employees who may come into contact with data are subject to confidentiality
- We provide assistance to you if you have to provide information to authorities or registered persons, etc.
- We delete your data permanently in accordance with our agreement, and at the latest when the agreement ends