GRCGUARD

Policy Statement

Personal data we process

GRCguard B.V. helps organisations set up and manage a quality management system in order to comply with laws and regulations, licensing requirements, norms and standards.

Our goal is to make a sound quality management system accessible to small, medium-sized and large organisations through user-friendly and affordable software. To realise this goal, GRCguard’s board of management has implemented an information security management system based on the ISO 27001 standard.

For you and for us, it is important that confidential data remain confidential. As communication is becoming more and more digital, securing data becomes increasingly important. You can rest assured that your information is in good hands with us. We will do everything we can to ensure that people who are not authorised to do so have no access to your data. All data are stored within the European Union.

ISO/IEC 27001:2013

To ensure a continuous improvement process, we commit to the guidelines and standards of ISO/IEC 27001:2013. This is the international standard for information security management. How do we approach this?

Various organisations and authorities establish rules on information security and privacy protection. To keep track of all these rules and requirements, we maintain a Privacy & Information Security Management System. This tells us exactly what requirements we need to comply with, what the status of recommendations is, and who has which task. Finally, an external party regularly tests our information security. So you can rest assured that your information is safe, while we can provide continuous improvement.

For thorough protection of your data, we perform risk analyses. Where necessary, appropriate measures are taken in response to these analyses to prevent abuse, loss, unauthorised access, unwanted disclosure and unauthorised modification of data. Security consists of several aspects, which we have logically subdivided as follows:

  • Information security policy
  • Organising information security
  • Safe staff
  • Asset management
  • Access security
  • Cryptography
  • Physical and environmental security
  • Business operations security
  • Communications security
  • Acquisition, development and maintenance of information systems
  • Supplier relations
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance

We ensure that we comply with all relevant and applicable local laws and regulations, and we ensure availability, integrity and confidentiality, with regard to:

  • Information stored electronically or information printed and written on paper, information sent electronically or by mail, and information provided in conversations;
  • The continuity of operations and our solutions;
  • Risk awareness among employees;
  • The reporting of actual or suspected information security breaches or data breaches to (and having them investigated by) the designated information security manager or privacy officer.

If you have any questions about the technical design of the weCOMPLY management system, we will be happy to discuss them with you.
