Compliance

What is compliance?

Compliance is the organisational effort to adhere to applicable laws and regulations and work in accordance with the requirements of standards, established guidelines, or best-practice specifications.

Grexx compliance?

  • Grexx takes the security of your data very seriously.
  • Grexx has set up a compliance programme focused on Information Security, which is continuously improved.
  • Grexx has described in detail its Information Security Management System (ISMS).
  • Our ISMS is audited annually by external auditors for assurance and certification.
  • Grexx employees are screened by Justis, the screening authority of the Dutch Ministry of Justice and Security.
  • Grexx employees have signed a Non-Disclosure Agreement.
  • Grexx employees agree to the Grexx Code of Conduct and a number of Information Security-related policies.
  • Grexx employees are kept informed about information security developments through communiqués and an annual security awareness training.

Grexx hosting

Grexx hosts its Grexx Platform solutions in the cloud, at datacentres located in the Netherlands (EU/EEA) with at least the same levels of compliance and certification.

  • Penetration tests are carried out on our infrastructure annually by a company specialising in information security.

Grexx assurance and certification

The Grexx Platform and our processes meet strict international standards with the following certificates:

  • International Standard on Assurance Engagements (ISAE)
    • Service Organization Controls: Trust Services Criteria (SOC2)
    • SOC 2 ISAE 3402 Type I Assurance Report in 2015
    • SOC 2 ISAE 3402 Type II Assurance Reports between 2016 and 2022
    • SOC 2 ISAE 3000 Type II Assurance Reports since 2023
  • International Organization for Standardization (ISO)
    • ISO 27001 Information Security Management, continuously certified since 2016
  • Royal Netherlands Standardization Institute (NEN)
    • NEN 7510 Information Security in Healthcare, continuously certified since 2016

Risk and Incident management

For risks and incidents we follow these guidelines:

  • ISO 30001 for Risk Management
  • ISO 27035 for Incident Management

Data Protection and Privacy

Grexx complies fully with the General Data Protection Regulation (GDPR) as