Overview

Mindbreeze is part of the Fabasoft Group and uses Fabasoft Cloud Services. Data protection and data security have the utmost priority for Fabasoft as a software manufacturer and cloud provider.

Fabasoft is certified and tested according to all relevant standards for security and reliability. Through our company and server locations in Central Europe we are subject to the strictest data protection laws. Your data is in safe hands with us. Read more about how we guarantee the security of your data.

Certified security and reliability

Fabasoft Certificates

Since 2008 the Fabasoft Linz head office has been certified according to the ISO norm 27001 for IT information security. Since 2010 Fabasoft Folio Cloud has been tested according to ISAE 3402 Type 2 and since 2011 additionally according to ISO 20000-1. You can find out more about these certifications on this page.

ISO 9001 CERTIFICATION - Quality Management

Since 2005 the entire Fabasoft company has been ISO 9001 certified. Once a year our quality management is audited and certified by a leading certification body. The aims of the audit are to examine conformity with demand models and to identify potential for the further development of the quality management system. TÜV AUSTRIA CERT GMBH successfully carried out the surveillance audit in July 2016.

Continuous Improvement

The quality management system at Fabasoft is a living system. This means that work methods, processes and their corresponding documentation are continuously adapted to the new data and constantly undergoing improvements. All Fabasoft business-relevant processes are depicted in the form of graphic process diagrams in the process landscape in the internal system. The further development, checking and approval of these processes is the responsibility of the process owner and is defined for every process.

Focus on Customer Orientation

A strategic aim of Fabasoft lies in a strong customer orientation of the quality management system. At Fabasoft customer satisfaction is of the highest importance. Fabasoft customers have the opportunity to share their opinions and improvement suggestions with us. In regular meetings (User Group) customers can give their feedback directly to the Fabasoft employee in charge. The results and evaluations of customer surveys are analyzed and integrated into the improvement processes to ensure that the customer demands are met.

ISO 20000 CERTIFICATION - IT-Service-Management

In May 2011 Fabasoft received the ISO 20000 certificate for the IT services Folio Cloud (today: Fabasoft Cloud) and Folio SaaS for the first time. The ISO 20000-1 standard is an internationally recognized standard for IT service management systems which documents the requirements for professional IT service management.

Implementation of International Standards

With this certification, Fabasoft underlines its strategy of implementing international standards. ISO 20000-1 serves as a measurable quality standard for IT Service Management (ITSM). The aim of ISO 20000 is to deliver a higher quality of IT services to customers. Alignment according to the needs and requirements of customers plays a primary role.

Conformity with ITIL

The standard also serves as an instrument to model processes in an optimized management system as they are described in the Office of Government Commerce (OGC)’s IT Infrastructure Library (ITIL). This encompasses such core processes as change, release, incident, problem and security management. The certification brings with it many advantages. Alongside the targeted improvement of processes through regulated structures, service level maintenance, customer satisfaction and availability of services are more easily measurable by means of key performance indicators.

TÜV AUSTRIA CERT GMBH successfully carried out the surveillance audit in July 2016.

ISO 27001 CERTIFICATION - Information Security

In June 2008 Fabasoft received the ISO 27001 certificate for the first time. The standard is a globally recognized standard for the assessment of the security of IT environments.

Clearly Defined Standards

The certification’s range of validity specifies the requirements for fully comprehensive information security management concerning all IT and business processes as well as all confidential company information. For customers, the ISO 27001 certification means compliance with clearly defined technical and security based standards and thereby defined service levels for the Fabasoft data centers.

Continual Adaptation

Periodical internal controlling of the processes and provisions detailed in the ISO 27001 is the basis for the further development of internal IT security standards and the continual adaptation according to changing frameworks and tasks.

TÜV AUSTRIA CERT GMBH successfully carried out the surveillance audit in July 2016.

ISO 27018 CERTIFICATION - Protection of personal data

In July 2015 Fabasoft was successfully audited and also gained certification under ISO 27018. The international standard was established for the first time in August 2014 and specifies data protection requirements for cloud service providers. These providers have to undertake major obligations regarding notification, information, transparency and burden of proof in order to build trust with clients and public institutions concerning the processing of personal data within the cloud. TÜV AUSTRIA CERT GMBH successfully carried out the surveillance audit in July 2016.

ISAE 3402 Type 2

The International Standard on Assurance Engagements (ISAE 3402) is the international testing standard that assesses the effectiveness of internal control systems (IKS) of service providing organizations. The standard was created by the International Auditing and Assurance Standards Board (IAASB) as a successor to the SAS 70 Standard. Up until 2011 Fabasoft was tested according to the AICPA’s reporting standard SAS 70 Type 2, afterwards according to ISAE.

ISAE 3402 aims to extensively test an organization’s internal control system and to rate its effectiveness in detail. The testing takes place over a six month period. The ISAE 3402 test report contains the opinion of an external test company on the control procedure at the service provider, a description of the control points, the test methods and controls, information about the test period and a statement about the effectiveness of the controls.

Audit-proof Archiving

The vision of a paper-free office is as old as the first IBM PC that fitted onto a regular desk - but we're still chasing that dream. The rules and regulations governing the storage of business records, invoices, contracts, documentation for accounts and financial records are partly to blame for this. Time limits legally required for storage vary from a few years to eternity and beyond.

Verified Quality

The PricewaterhouseCoopers auditors worked according to a checklist. Some of the most important points, which were naturally found to be without faults, were:

  • Data access. Already in the course of the ISAE 3402 Type 2 test, virtual and physical access restrictions were thoroughly checked and found to be sufficient. Client data is safe from prying eyes.
  • Data cannot be amended retrospectively.
  • Relevant documents cannot be deleted before the time limit expires - not even by Fabasoft administrators.
  • The trail from paper to electronic storage is sufficiently secured.
  • All legal requirements are met.

TÜV Rheinland

The TÜV Rheinland i-sec GmbH certification body certifies that Fabasoft R&D GmbH has achieved the following objectives for the Fabasoft Cloud, Fabasoft Folio SaaS, HeadsUp! User Engagement, and Mindbreeze InSite services for the cloud infrastructure and cloud application:

  • Effectiveness in selecting the data location
  • Secure hosting of data
  • Secure data transmission
  • Secure operation of business-critical applications
  • Quality and availability of service provision – high service continuity, high on-demand scalability
  • Security and quality of data access and data storage – secure login procedure, and authorization systems to control data access at network level
  • State-of-the-art protection against attacks

Proof was provided on site in the form of random external and internal security analyses as well as an audit of the technical, physical and organizational security measures, and business processes. The test report 63007063-01 forms part of this certificate.

TÜV Rheinland i-sec GmbH tests the effectiveness of the assessed process through annual monitoring audits.

Accessibility

Equal opportunities for people with disabilities and their integration into society and work require the accessible use of software, which is also defined by law. The Fabasoft eGov-Suite offers accessibility for almost all kinds of disabilities.

In September 2013, Pfennigparade tested the web application Fabasoft eGov-Suite 2013 for accessibility. The practical accessibility of the application corresponds to an overall result of 93.5 points of a BITV test. The Fabasoft eGov-Suite 2013 is therefore “very accessible”.

Audit-proof archiving - Archive 2010

The vision of a paper-free office is as old as the first IBM PC that fitted onto a regular desk – but we're still chasing that dream. The rules and regulations governing the storage of business records, invoices, contracts, documentation for accounts and financial records are partly to blame for this. Time limits legally required for storage vary from a few years to eternity and beyond. Folio Cloud is a huge step forward, as audit-proof electronic storage eliminates the costs and space requirements needed for hard-copy storage.

The PricewaterhouseCoopers auditors worked according to a checklist. Some of the most important points, which were naturally found to be without faults, were:

  • Data access. Already in the course of the SAS 70 Type II test, virtual and physical access restrictions were thoroughly checked and found to be sufficient. Client data is safe from prying eyes.
  • Data cannot be amended retrospectively.
  • Relevant documents cannot be deleted before the time limit expires – not even by Fabasoft administrators.
  • The trail from paper to electronic storage is sufficiently secured.
  • All legal requirements are met.

National and European data protection laws

As a European company we are subject to the strictest data protection laws.

European Union

  • Directive 95/46/EC is the reference text, at European level, on the protection of personal data. It sets up a regulatory framework which seeks to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data within the European Union (EU). To do so, the Directive sets strict limits on the collection and use of personal data and demands that each Member State set up an independent national body responsible for the protection of these data.
  • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). This Directive was adopted in 2002 at the same time as a new legislative framework designed to regulate the electronic communications sector. It contains provisions on a number of more or less sensitive topics, such as the Member States keeping connection data for the purposes of police surveillance (the retention of data), the sending of unsolicited e-mail, the use of cookies and the inclusion of personal data in public directories.

Germany


Austria


Data security: Security of customer data

Customer data lies in Fabasoft's own servers within its own protected networks to which only a small number of selected members of the operations management team have access. Even operations management employees do not have authorization to access customer data. These mechanisms are regularly checked via external audits. But in short, customer data cannot be viewed by Fabasoft employees.