Statement of Compliance
15th of May 2018 v1.0
General Data Protection Regulation (GDPR)
Evotix (Formerly SHE Software)
Executive Summary
Further to the company’s Statement of Commitment on GDPR, SHE Software is providing this statement as a Statement of Compliance.
SHE Software welcomes the introduction of GDPR on the 25th of May 2018. Our Health and Safety solutions, “SHE Assure” and “SHE Enterprise”, are provided to our customers by way of data centres hosted solely in the United Kingdom. SHE Software has always taken information security very seriously, with special attention given to data deemed to be personally identifiable information (PII), regardless of whether or not the data is controlled by us or our customers.
In terms of the GDPR, we have been working towards becoming compliant throughout 2017 to ensure that SHE Software’s customers can be certain that they are dealing with a fully compliant business and software provider. Our work on the GDPR started in May 2017 and we have sought advice and guidance from expert 3rd party suppliers to be able to publish this statement.
Assessment
- SHE Software’s designated Data Protection Officer has assessed every article within the published GDPR document and matched the regulation’s requirements to those of its own activities and products. In this regard, this Statement of Compliance is intended to communicate our compliance in our role as a “Software as a Service” (SaaS) provider, defined in the GDPR as a data processor for our customers.
- SHE Software will provide a document that will outline the articles of the GDPR that we as processor will comply with and publish policy documents that can be used to evaluate our commitment to compliance.
- SHE Software is certified against the International Standard for Information Security Management (ISO 27001:2013), which demonstrates our commitment to information security.
Security Measures
In order to ensure compliance with the requirements of the GDPR, SHE Software has introduced a number of security measures and made a number of improvements, including but not limited to:
- introducing a revised Change Management Policy that ensures that security of processing is robust so as to reduce the risk of accidental erasure or alteration of customer data.
- implementing an improved Distributed Denial of Service (DDoS) prevention system and an improved Intrusion Detection System (IDS) to its Assure platform.
- updating our Data Destruction Policy. This policy outlines the principles of how our customers’ data is treated at the end of contractual obligations.
- purchasing a new Vulnerability Testing solution that will allow us to test our systems for security weaknesses after each software release.
- updating its Breach Notification policy in line with our customers’ new obligations under GDPR.
- making available a Variation of Contract that helps customers comply with the GDPR from a contractual perspective.
- reviewing all of our suppliers for compliance with the GDPR, paying particular attention to our marketing suppliers.
- introducing additional functionality within the SHE Assure service to allow our customers greater monitoring capability to help reduce the risk of data leakage from their organisations.
- updating our website and direct marketing process so that both customers and potential customers have the assurance that they will be contacted and treated in accordance with the GDPR requirements.
- updating our Privacy Policy to align with best practice.
- maintaining our ISO27001 certification and our information security management system to help demonstrate our commitment to information security.
Further Information
For further information please contact gdpr@evotix.com