Acrolinx security
Information security and data privacy
Protecting sensitive data in the digital age
Keeping your information safe
At Acrolinx, we prioritize a culture of vigilance. That means our commitment to protecting our customers’ data is strong. We’ve committed significant resources to maintain the security of data and information in several ways:
- Strict access controls
- Encryption
- Identity and access management
- Vulnerability management
We’ve designed the Acrolinx Platform to meet the needs of our many security-conscious customers. It’s built with rigorous controls that use modern technology, highly trained staff, and industry-leading partners. Independent and accredited third-party firms audit our work, so you can trust in its effectiveness and consistency.
Leading the way in security
To stay ahead, our experienced team of certified security professionals continually evaluates, improves, and evolves our security measures. We use our close collaboration with industry leaders and experts to keep our security architecture up to date with the latest technology advancements. We also routinely monitor our systems for vulnerabilities and proactively deploy patches and remediations. Constant improvement is a critical goal.
Information security and compliance
Security
Acrolinx protects the availability, confidentiality, and integrity of all data. Our security program includes:
- Annual independent ISO 27001 Certification audit
- External third-party pen testing
- Static code analysis and vulnerability scanning
- Dynamic application testing
- 24×7 CSOC – Cyber Security Operations Center
- WAF – Web Application Firewalls
- Forced encryption at-rest and in-transit
- DDoS protection
Privacy
We embrace the principles of data subject privacy and the compliant processing of personal information.
Under the oversight of our DPO, we process our customers’ personal data in accordance with Article 28 of the GDPR. We also routinely evaluate regulatory changes, so we have the right controls and processes to stay compliant.
Competence
Our Information Security competence and training program includes frequent, mandatory, general and specialized training for all employees.
Acrolinx employs a dedicated Information Security team:
- An (ISC)2-certified professional with CISO experience
- Two Certified Information Systems Security Professionals (CISSP®)
- A Certified Information Privacy Professional (CIPP/E)
- A Certified Ethical Hacker (CEH™)
- A TÜV certified Data Protection Officer
ISO 27001 certification
Acrolinx has undergone an independent third-party audit of our Information Security management system and has been awarded the ISO 27001 certification.
ISO 27001, the most internationally recognized standard for security, gives our customers assurance and confidence that we’ve designed and implemented effective controls to adequately protect their data.
A-Lign, an independent ANAB-accredited firm trusted by more than 2,500 global organizations, conducted the comprehensive audit.
Download a copy of our ISO 27001 certificate HERE.
CSA STAR Level 1
Acrolinx has completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ) and achieved CSA STAR Level 1 status.
Established by the Cloud Security Alliance (CSA), the CSA Security Trust Assurance and Risk (STAR) Program provides a platform and open certification framework for SaaS organizations to assess and validate the security competencies of their internal environment.
See our responses to the CSA CAIQ on the CSA STAR Registry HERE.
TISAX participant
Acrolinx GmbH is an active TISAX (Trusted Information Security Assessment Exchange) participant. TISAX is a registered trademark and governed by the ENX Association on behalf of the German VDA.
For more information about TISAX, please visit https://enx.com/tisax.
The assessment result (Assessment ID: ATVNZF, Scope ID: SRZL86) is exclusively retrievable over the ENX Portal: https://portal.enx.com/en-en/TISAX/tisaxassessmentresults.
(TISAX and TISAX results are not intended for the general public.)
Industry-leading partners
Amazon Web Services
We host our business-critical platform with AWS, which provides a global footprint, highly reliable services, and strong security controls.
Rackspace
We’ve partnered with Rackspace, the leading provider of expertise and managed services, to operate our cloud platform.
Rackspace holds ISO 27001 and PCI-DSS certifications, and undergoes annual SOC 2 Type II audits.
CrowdStrike 24×7 CSOC
We protect all our Acrolinx servers with next-gen endpoint detection and response (EDR). This provides real-time protection and response, and sends continuous telemetry to a 24×7 Cyber Security Operations Center (CSOC).
Crashtest Security
Security is a main pillar of our software development and QA philosophy. We use the Crashtest Security scanner as our primary vulnerability scanning tool to proactively detect common application vulnerabilities. By making Crashtest Security a fully automated process within our SDLC, we test every release of the Acrolinx Platform.