Acrolinx security

Information security and data privacy

Protecting sensitive data in the digital age

Keeping your information safe

At Acrolinx, we prioritize a culture of vigilance. That means our commitment to protecting our customers’ data is strong. We’ve committed significant resources to maintain the security of data and information in several ways:

  • Strict access controls
  • Encryption
  • Identity and access management
  • Vulnerability management

We’ve designed the Acrolinx Platform to meet the needs of our many security-conscious customers. It’s built with rigorous controls that use modern technology, highly trained staff, and industry-leading partners. Independent and accredited third-party firms audit our work, so you can trust in its effectiveness and consistency. 

Leading the way in security

To stay ahead, our experienced team of certified security professionals continually evaluates, improves, and evolves our security measures. We use our close collaboration with industry leaders and experts to keep our security architecture up to date with the latest technology advancements. We also routinely monitor our systems for vulnerabilities and proactively deploy patches and remediations. Constant improvement is a critical goal.

Information security and compliance

Security

Acrolinx protects the availability, confidentiality, and integrity of all data. Our security program includes:

  • Annual independent ISO 27001 Certification audit
  • External third-party pen testing
  • Static code analysis and vulnerability scanning
  • Dynamic application testing
  • 24×7 CSOC – Cyber Security Operations Center
  • WAF – Web Application Firewalls
  • Forced encryption at-rest and in-transit
  • DDoS protection

Privacy

We embrace the principles of data subject privacy and the compliant processing of personal information. 

Under the oversight of our DPO, we process our customers’ personal data in accordance with Article 28 of the GDPR. We also routinely evaluate regulatory changes, so we have the right controls and processes to stay compliant. 

Competence

Our Information Security competence and training program includes frequent, mandatory, general and specialized training for all employees. 

Acrolinx employs a dedicated Information Security team: 

  • An (ISC)2-certified professional with CISO experience
  • Two Certified Information Systems Security Professionals (CISSP®)  
  • A Certified Information Privacy Professional (CIPP/E)
  • A Certified Ethical Hacker (CEH™)
  • A TÜV certified Data Protection Officer

ISO 27001 certification

Acrolinx has undergone an independent third-party audit of our Information Security management system and has been awarded the ISO 27001 certification.

ISO 27001, the most internationally recognized standard for security, provides our customers with assurance and confidence that we’ve designed and implemented effective controls to adequately protect their data.

A-Lign, an independent ANAB-accredited firm trusted by more than 2,500 global organizations, conducted the comprehensive audit.

Download a copy of our ISO 27001 certificate HERE.

CSA STAR Level 1

Acrolinx has completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ) and successfully achieved the CSA STAR Level 1 status. 

Established by the Cloud Security Alliance (CSA), the CSA Security Trust Assurance and Risk (STAR) Program provides a platform and open certification framework for SaaS organizations to assess and validate the security competencies of their internal environment.

See our responses to the CSA CAIQ on the CSA STAR Registry HERE.

TISAX participant

Acrolinx GmbH is an active TISAX (Trusted Information Security Assessment Exchange) participant. TISAX is a registered trademark and governed by the ENX Association on behalf of the German VDA.

For more information about TISAX, please visit https://enx.com/tisax.

The assessment result (Assessment ID: ATVNZF, Scope ID: SRZL86) is exclusively retrievable over the ENX Portal: https://portal.enx.com/en-en/TISAX/tisaxassessmentresults.

(TISAX and TISAX results are not intended for the general public.)

Have you found a vulnerability?

Learn more about our vulnerability reward program.

Report it

Industry-leading partners

Amazon Web Services

We host our business-critical platform with AWS, which provides a global footprint, highly reliable services, and strong security controls.

Rackspace

We’ve partnered with Rackspace, the leading provider of expertise and managed services, to operate our cloud platform. 

Rackspace holds ISO 27001 and PCI-DSS certifications, and undergoes annual SOC 2 Type II audits.

CrowdStrike 24×7 CSOC

We protect all our Acrolinx servers with next-gen endpoint detection and response (EDR). This maintains real-time protection, response, and continuous telemetry to a 24×7 Cyber Security Operations Center (CSOC).

Crashtest Security

Security is a main pillar of our software development and QA philosophy. We use the Crashtest Security scanner as the primary vulnerability scanning tool to proactively detect any common application vulnerability. By making Crashtest Security a fully automated process within our SDLC, we test every release of the Acrolinx Platform.  

Have a question about our security program?

Get in touch today!

Contact us
