Trust & Compliance Center
Welcome to the Adhese Trust & Compliance Center. This portal provides transparency into our security, privacy, and compliance practices.
Compliance
GDPR
The GDPR (General Data Protection Regulation) is European legislation that governs the privacy and protection of the personal data of citizens within the EU. It has been in force since May 2018 and obliges organizations to handle personal data carefully, to be transparent about how it is used, and to take appropriate security measures. The GDPR gives individuals more control over their data and imposes strict obligations on companies, with high fines for non-compliance.
SOC 2
An American standard that assesses how well a service provider secures data in terms of security, availability, integrity, confidentiality, and privacy.
Cybersecurity Framework
Our cybersecurity approach is based on the NIST Cybersecurity Framework, which organizes cybersecurity activities into five core functions: Identify, Protect, Detect, Respond, and Recover.
IDENTIFY
Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
BASIC_ID.AM-1.1: An inventory of assets associated with information and information processing facilities within the organization shall be documented, reviewed, and updated when changes occur.
BASIC_ID.AM-2.1: An inventory that reflects what software platforms and applications are being used in the organization shall be documented, reviewed, and updated when changes occur.
BASIC_ID.AM-3.1: Information that the organization stores and uses shall be identified.
BASIC_ID.AM-5.1: The organization’s resources (hardware, devices, data, time, personnel, information, and software) shall be prioritized based on their classification, criticality, and business value.
BASIC_ID.GV-1.1: Policies and procedures for information security and cyber security shall be created, documented, reviewed, approved, and updated when changes occur.
BASIC_ID.GV-3.1: Legal and regulatory requirements regarding information/cybersecurity, including privacy obligations, shall be understood and implemented.
BASIC_ID.GV-4.1: As part of the company's overall risk management, a comprehensive strategy to manage information security and cybersecurity risks shall be developed and updated when changes occur.
BASIC_ID.RA-1.1: Threats and vulnerabilities shall be identified.
BASIC_ID.RA-5.1: The organization shall conduct risk assessments in which risk is determined by threats, vulnerabilities and impact on business processes and assets.
PROTECT
Develop and implement appropriate safeguards to ensure delivery of critical infrastructure services.
BASIC_PR.AC-1.1: Identities and credentials for authorized devices and users shall be managed.
BASIC_PR.AC-2.1: Physical access to the facility, servers and network components shall be managed.
BASIC_PR.AC-3.1: The organization's wireless access points shall be secured.
BASIC_PR.AC-3.2: The organization's networks, when accessed remotely, shall be secured, including through multi-factor authentication (MFA).
BASIC_PR.AC-4.1: Access permissions for users to the organization’s systems shall be defined and managed.
BASIC_PR.AC-4.2: It shall be identified who should have access to the organization's business-critical information and technology, and the means by which they get access.
BASIC_PR.AC-4.3: Employee access to data and information shall be limited to the systems and specific information they need to do their jobs (the principle of least privilege).
BASIC_PR.AC-4.4: Nobody shall have administrator privileges for daily tasks.
BASIC_PR.AC-5.1: Firewalls shall be installed and activated on all the organization's networks.
BASIC_PR.AC-5.2: Where appropriate, the network integrity of the organization's critical systems shall be protected by incorporating network segmentation and segregation.
BASIC_PR.AT-1.1: Employees shall be trained as appropriate.
BASIC_PR.IP-11.1: Personnel having access to the organization’s most critical information or technology shall be verified.
BASIC_PR.PT-1.1: Logs shall be maintained, documented, and reviewed.
BASIC_PR.PT-4.1: Web and e-mail filters shall be installed and used.
DETECT
Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
BASIC_DE.AE-3.1: The activity logging functionality of protection/detection hardware or software (e.g. firewalls, anti-virus) shall be enabled, backed up and reviewed.
BASIC_DE.CM-1.1: Firewalls shall be installed and operated on the network boundaries and complemented with firewall protection on the endpoints.
BASIC_DE.CM-3.1: Endpoint and network protection tools to monitor end-user behavior for dangerous activity shall be implemented.
BASIC_DE.CM-4.1: Anti-virus, anti-spyware, and other anti-malware programs shall be installed and kept updated.
RESPOND
Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
BASIC_RS.RP-1.1: An incident response process, including roles, responsibilities, and authorities, shall be executed during or after an information/cybersecurity event on the organization's critical systems.
BASIC_RS.CO-3.1: Information/cybersecurity incident information shall be communicated and shared with the organization’s employees in a format that they can understand.
BASIC_RS.IM-1.1: The organization shall conduct post-incident evaluations to analyze lessons learned from incident response and recovery, and consequently improve processes, procedures and technologies to enhance its cyber resilience.
RECOVER
Develop and implement appropriate activities to maintain plans for resilience and to restore capabilities impaired by cybersecurity incidents.
BASIC_RC.RP-1.1: A recovery process for disasters and information/cybersecurity incidents shall be developed and executed as appropriate.