Is Goelett ISO 27001 certified or in the process of certification, and has it undergone SOC2 or SOC3 audits?
Goelett is ISO 27001 certified. Our information security management system (ISMS), organisation, policies, processes and our information security practice fulfil the requirements of the international standard ISO 27001. The certification has been granted by BSI (The British Standards Institution). Goelett utilises ISO 27001 certified data centres.
Are security specialists involved in application development and periodic code review?
Yes, we have a dedicated security team, including a Security Officer and a team of security engineers, who play a crucial role in our development process. This team supports all other development squads. We strictly adhere to defined security requirements and employ automated code scans to verify coding standards and identify potential vulnerabilities. Additionally, all […]
Are intrusion tests conducted by accredited external auditors?
Yes, we engage specialized third-party entities to perform penetration tests at least once a year. We also undergo regular ISO 27001 audits to ensure compliance with international standards.
How is data security ensured, including data isolation, encryption, and data leakage prevention mechanisms?
Goelett is a multitenant SaaS application that ensures data separation between tenants through its logical system design. Data is encrypted at both the database and storage levels, as well as in transit, with all communication protocols encrypted.
What procedures are in place for access management, including segregation of duties and password policies?
Our ISO 27001 certification underscores our commitment to rigorous access management. We follow well-defined policies and processes for segregating duties, granting and revoking access rights, and conducting regular access reviews. All access requests are registered and approved through a record management system, which also monitors and alerts for expiring data. We implement central authentication through […]
What solutions, procedures, and controls ensure that the Goelett solution can continue to operate even in degraded mode?
Our business continuity strategy is built on two key pillars. Firstly, we have established the capability for fully remote work, implemented in 2018. All our systems are independent of physical office locations, enabling our teams to work seamlessly from anywhere. Secondly, we maintain duplicated High Availability (HA) environments, utilizing three datacenters. Our Azure datacenter provides […]
Is there a ticketing tool for opening and tracking incidents? How are incidents prioritized?
Yes, we have a robust ticketing system in place for opening and tracking incidents. Incidents are prioritized based on defined severity levels, taking into account factors like the impact on data or features and the number of affected users. The severity level determines the response process, ranging from immediate action for critical issues to standard […]
Is there a hardware and software monitoring system?
Yes, we maintain a comprehensive monitoring system that covers both software and platform components. We primarily use the Microsoft Azure cloud environment, with physical hardware maintenance outsourced to our cloud provider. Our monitoring system tracks availability, and clients can check the resulting status on our status page. Additionally, we continuously monitor security by reviewing all […]
What is the policy for updating/applying security patches?
We are proactive in staying up-to-date with all software component updates in our environments. Some updates, such as antivirus and antimalware updates, are automatic. Others, however, require careful verification. Updates are initially applied to non-production environments and, after thorough verification, are subsequently rolled out to production environments.
Do Goelett processing activities comply with personal data processing principles defined in GDPR?
Yes, Goelett has implemented an Ethical Use of Technology Policy that implements privacy by design. We limit the purposes of data processing, minimise the data we gather, implement functionalities that guard the accuracy of data, and verify that we process data in a lawful, fair, and transparent manner.