Compliance

What is compliance?

Compliance is the organisational effort to adhere to applicable laws and regulations and work in accordance with the requirements of standards, established guidelines, or best-practice specifications.

How does Grexx approach compliance?

  • Grexx takes the security of your data very seriously.
  • Grexx has set up a compliance programme with a focus on Information Security, that is continuously improved.
  • Grexx has described in detail its Information Security Management System (ISMS).
  • Our ISMS is audited annually by external auditors for assurance and certification.
  • Grexx employees are screened by Justis, the screening authority of the Dutch Ministry of Justice and Security.
  • Grexx employees have signed a Non-Disclosure Agreement.
  • Grexx employees agree to the Grexx Code of Conduct and a number of Information Security-related policies.
  • Grexx employees are kept informed about information security developments through communiqués and an annual security awareness training.

Grexx hosting

Grexx hosts its Grexx Platform solutions in the cloud, at datacentres located in the Netherlands (EU/EEA) that hold at least the same level of compliance and certification as Grexx itself.

  • Penetration tests are carried out on our infrastructure annually by a company specialising in information security.

Grexx assurance and certification

The Grexx Platform and our processes meet strict international standards, as evidenced by the following assurance reports and certificates:

  • International Standard on Assurance Engagements (ISAE)
    • Service Organisation Controls: Trust Services Criteria (SOC2)
    • SOC 2 ISAE 3402 Type I Assurance Report in 2015
    • SOC 2 ISAE 3402 Type II Assurance Reports between 2016 and 2022
    • SOC 2 ISAE 3000 Type II Assurance Reports since 2023
  • International Organisation for Standardisation (ISO)
    • ISO 27001 Information Security Management, continuously certified since 2016
  • Royal Netherlands Standardisation Institute (NEN)
    • NEN 7510 Information Security in Healthcare, continuously certified since 2016

Risk and Incident management

For risk and incident management we follow these guidelines:

  • ISO 31000 for Risk Management
  • ISO 27035 for Incident Management

Artificial Intelligence (AI), Data Protection and Privacy

Grexx complies fully with the EU AI Act and the EU General Data Protection Regulation (GDPR; AVG in the Netherlands).

Environmental, Social, and Governance (ESG)

Grexx pursues both a high Corporate Sustainability Assessment Score (Ecovadis) and a leadership-level Environmental Impact Disclosure Rating (CDP).