Security Audit

In preparation for the EU General Data Protection Regulation, we at Agillic have been working on a full overhaul of our Information Security setup. Over the past few years we have improved and developed our Information Security Management System (ISMS), and worked on our information security strategy in general. We chose to rebuild our ISMS according to the ISO 27001:2013 standard, a standard widely followed in the IT industry and recommended by legal experts working with the GDPR.

We decided to apply most of the controls from all the areas, as they are very relevant to us. The objective was to emphasise the importance of information security, in line with business requirements and relevant laws and regulations. Information and information systems are essential for Agillic, and information security is of vital importance to us.

We work with a risk-based information security management system, ensuring all notable threats are mitigated in an appropriate manner. This way, foreseeable security issues can be prevented and potential damages limited.

The ISMS is audited by Beierholm. The audit is conducted according to the ISAE 3402 type 2 requirements and reflects how our ISMS relates to the ISO 27001 requirements.

All key control areas from the ISO 27001 standard are audited, including:

  • Risk Management
  • Information Security Policies
  • Organisation of Information Security
  • Human Resource Security
  • Asset Management
  • Access Control
  • Operations Security
  • Communications Security
  • Supplier Relationships
  • Information Security Incident Management
  • Information Security Aspects of Business Continuity Management
  • Compliance

Agillic got positive feedback from the auditor, and parts of the Agillic ISMS were said to “set the bar for other companies in the industry.” We strive to raise the bar even higher and have embarked on an ambitious Information Security Strategy. A dedicated team is working to ensure that both the Agillic organisation and the Agillic platform are compliant and well prepared in case of challenges.