Independent third-party audit – Updated ISAE 3000
As regulated in our Data Processing Agreement entered with all client using the AskCody Workplace Platform, and as part of promise to providing an enterprise grade platform with the highest security standards, we must on a yearly basis perform a third party audit and inspection to verify the compliance of data processing with respect to the Data Processing Agreement, GDPR, our Information Security Policy, or Secure Development Policy and all other security and compliance matters in AskCody.
Therefore, we have performed a third-party audit and obtained an ISAE 3000 declaration that ensures that our data security continuously is revised, updated and implemented in accordance with GDPR, data protection laws and policies, and best practices in all levels and aspects of AskCody.
Please request the Independent Auditor’s (by BDO) ISAE 3000 report at dated July 15th 2019 on the description of the AskCody Workplace Platform and related technical and organizational measures and their design relating to processing and protection of personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Danish act on supplementary provisions here.
The ISAE 3000 report
AskCody is responsible for processing of personal data of our customers, who are Controllers according to the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the EU General Data Protection Regulation) and the Danish Act on Supplementary Provisions.
The description in the ISAE 3000 report is intended for AskCody ApS’ customers (Controllers) using the AskCody Workplace Platform, and who have a sufficient understanding to consider the description along with other information, including information about controls operated by the Controllers themselves, when assessing whether the requirements of the EU General Data Protection Regulation and the Danish Act on Supplementary Provisions are fulfilled.
By this report, AskCody confirms that the accompanying description presents fairly at pages 6 to 15 the AskCody Workplace Platform that has processed personal data for Controllers subject to the EU General Data Protection Regulation, and the related technical and organizational measures (controls) at 15 July 2019.
In the report a thorough description of the AskCody Information Security Policy and Rules, our guarantees, processing activities, technical and organizational measures, safety measures, our controls and procedures, and breach procedures are tested and documented.