ISO 27001 Certification

Cybersecurity: It's Your Expectation, Our Responsibility

In an increasingly digital world, the protection of your data and information is not only a priority for us at ALLPLAN; it's a commitment. As part of the Nemetschek Group and with ISO certification, we adhere to the highest security standards and cutting-edge technologies to ensure your information is reliably protected. With innovative software solutions and a comprehensive security strategy, we ensure that your data and information are always in safe hands.

ISO 27001 Certification:

ISO 27001 is the globally recognized standard for Information Security Management Systems (ISMS). It certifies that a company has implemented a systematic and effective management approach to protect sensitive data. This includes identifying risks and implementing corresponding security measures to minimize threats and meet data protection requirements. With the ISO 27001 certification, ALLPLAN guarantees comprehensive protection against cyber threats and continuous compliance with the highest security standards.

As we are deeply committed to protecting both our information and our customers' data, the security measures we have implemented go beyond the requirements of the ISO 27001 standard in many areas.

FAQ:

Certifications and Standards

ALLPLAN is ISO 27001 certified. Compliance with the standard is independently verified through regular certification and monitoring audits.

To be prepared for future regulatory requirements, our ISMS already goes beyond the ISO 27001 requirements and considers upcoming laws and regulations, ensuring compliance for both us and our customers.

ALLPLAN is regularly audited for information security both internally and externally. Additionally, penetration tests are regularly conducted on our software solutions.

Data and Information Protection

Data is transmitted and stored in an encrypted form. A comprehensive Identity and Access Management system ensures that only authorized users can access data and systems.

With regard to user login, ALLPLAN applies proven best practices to securely authenticate users.

All data processed by ALLPLAN is part of a backup strategy. Backups are redundant and are performed and tested regularly. Data protection is an integral part of the company culture at ALLPLAN. The appointed Data Protection Officer, in collaboration with relevant departments, ensures compliance with legal requirements.

ALLPLAN's systems are embedded within a comprehensive security architecture. Log files are created and monitored.

Security Incidents and Emergency Management

As part of its security management, ALLPLAN has established policies and plans for handling security incidents, which are regularly tested. These include regulations for communicating incidents to our customers. To prevent disruptions, our infrastructure is designed to be redundant.

ALLPLAN's systems are embedded within a comprehensive security architecture. To prevent disruptions, our infrastructure is redundantly designed, and all data processed by ALLPLAN is part of a backup strategy. Backups are redundant and are performed and tested regularly.

Employee Training and Awareness

Our employees receive regular training on the fundamentals of information security and data protection. Special emphasis is placed on areas where we currently observe an increased threat level. In addition, employees are regularly made aware of the importance of information and data security through awareness measures.

Security Measures and Technologies

ALLPLAN's systems are embedded within a comprehensive security architecture. As part of this, the attack surface and vulnerabilities of our infrastructure are closely monitored. Any vulnerabilities and risks found are promptly mitigated.

A comprehensive Identity and Access Management system ensures that only authorized individuals are granted access to data and systems. Existing permissions are regularly reviewed.

ALLPLAN uses Multi-Factor Authentication for its employees for all critical systems. Administrative tasks are performed on separate accounts.

Access to ALLPLAN’s data centers is limited to the necessary personnel and is safeguarded by various physical security measures.

Backup and Recovery

All data processed by ALLPLAN is part of a backup strategy. Backups are redundant, regularly performed, and tested.

Audit and Control

ALLPLAN is regularly audited both internally and externally in the field of information security. In addition, penetration tests are regularly conducted on our software solutions.