Skip to main content

Certifications and audits

Certifications and audits

We’ve achieved globally recognized standards for data protection. This includes:

  • ISO 27001 certification from BSI
  • Pentests carried out by

These FAQs address most of the issues that matter to our customers and prospects. If you can’t find what you’re looking for, then get in touch.

Has Panaseer achieved ISO27001 certification?

Yes, we have. We were certified in November 2022 and a copy of our Statement of Applicability; ISO certificate and external audit report summary is available upon request under a Mutual Non-Disclosure Agreement (MNDA).

Does Panaseer have a risk management framework?

Yes, we are aligned to ISO31000.

Does Panaseer have formal information security policies that are reviewed at least annually?

Yes, we have policies covering all aspects of information security that form a part of our ISMS (Information Security Management System). At a high level, these policies include; Starters and leavers; Cryptography; BYOD; Anti-virus; Cloud security; Supplier management; Risk management; Vulnerability management; Incident management; Asset management; and more.

Is Panaseer cloud-based and what cloud service provider do you use?

Yes, our solution is SAAS (Software as a Service) and is hosted in AWS (Amazon Web Services). We have regions in the EU (European Union), US and Canada which provides digital sovereignty for our clients operating out of those regions. Go here for more information.

Will my organization’s data be encrypted?

Yes, all data is encrypted at rest (AES 256) and in transit (TLS – Transport Layer Security – 1.2).

Does Panaseer conduct disaster recover tests at least annually?

Yes, annually. These summarized reports are available upon request under a MNDA.

Does Panaseer have somebody managing its Information Security Management System full time?

Yes, our ISMS is managed by our full time Information Security Manager.

Does Panaseer perform regular backups and are they encrypted and tested?

Yes, we perform regular backups and are fully encrypted and tested.

Does Panaseer have a Secure Development Lifecycle programme?

Yes, we follow OWASP10 best practices and our SSDLC (Secure system development lifecycle) is fully embedded in our development workflow and all developers are trained both on the SSDLC and the OWASP10.

Does Panaseer conduct mandatory security training for all staff?

Yes, all staff are trained twice a year, and the training is mandatory. The training covers core aspects of information security and privacy.

Does Panaseer have a business continuity plan?

Yes, and it is tested over the course of three years in full. We also conduct yearly tabletop exercises as well as yearly disaster recovery testing.

Does Panaseer conduct vulnerability scans?

Yes, we conduct regular DAST (Dynamic application security testing), SAST (Static application security testing) and dependency scanning across our environments and all findings are subject to our remediation policy. We have a dedicated team that tracks open vulnerabilities, this includes tracking endpoint vulnerabilities.

Does Panaseer conduct regular internal and external audits?

Yes, we have our own technical internal audits, we also hire specialized consultants to audit our ISMS and we have external auditors for our ISO27001 certification.

Is there an incident management process and will Panaseer disclose a breach in a timely manner?

Yes, we have a very thorough incident management process which is tested and audited. We would notify a customer in the event of a breach within 24 hours.

Is Panaseer compliant with privacy laws / regulations?

Yes, we are, and we conducted a full GDPR (General Data Protection Regulation) gap analysis in 2022.

Is Panaseer covered by cyber insurance?

Yes, we are. We can disclose these details upon request.

Does Panaseer conduct regular penetration testing?

Yes, annually, or when a major change occurs. These reports are available upon request under a MNDA, and any findings are subject to our remediation policy.

Does Panaseer monitor its suppliers for security-related risk?

Yes, we have a supplier relationship process whereby we screen all suppliers and monitor them.

Do Panaseer employees undergo background checks?

Yes, all Panaseer employees that handle client data undergo full background checks.

Does Panaseer have a change control policy?

Yes, this is covered in our SSDLC. In short, all changes must have approval. If you wish to obtain a copy of our SSDLC then please contact us and this can be arranged under a MNDA.

Are Panaseer’s endpoints protected from malware and other security risks?

Yes, our entire estate is protected from malware, patched regularly, fully encrypted and has MFA (Multi Factor Authentication) and SSO authentication. We have adopted CIS (Center for Internet Security) Level One best practices and policies across the estate.

Book your demo of Panaseer

Find out how to improve your security posture management using Continuous Controls Monitoring.

Our team can give you a tailored demo of the Panaseer platform, including the metrics and dashboards that enable you to prioritize resources and accelerate remediation.