Promises about information security for customers
Given the nature of its activities, iqbs has access to much of your data. Naturally, you want to be sure that we handle your data with care. In this document we would like to inform you in general terms about the measures we have taken. If you need more detailed information about the architecture of your environment, you can of course contact us.
ISO certified
First of all, we would like to inform you that at iqbs we are both ISO 9001:2015 and ISO 27001:2013 (soon ISO 27001:2022) certified. This certification is reassessed annually by BSI. The certification is organized by the parent organization of iqbs (Claresco). If you have any questions about the ISO certification, you can also contact securityofficer@claresco.nl.
Our staff
Our staff has been actively made aware of the importance of carefully handling information that you have entrusted to us. This is done, among other things, in the employment contract, which includes an extensive confidentiality clause. Employees are also reminded of the importance of information security during onboarding and through regular updates on our intranet. Confluence (the documentation environment we use) also has an extensive space full of instructions about safe software development, handling passwords, what to do in case of data leaks, etc.
Hired staff
In addition to its own staff, IQBS also uses hired staff. This concerns both freelancers and employees who work at another company. In both cases we impose on these external parties the same requirements for behavior, confidentiality, protection of laptops, etc. that we impose on ourselves. Naturally, we also comply with legal requirements from, for example, the GDPR.
Our assets
The laptops we work on are centrally managed and monitored via Microsoft Intune. This enforces that the devices have hard drive encryption, that Windows updates are running, that a virus scanner is active, etc. We also apply a clear screen and a clear desk policy.
Physical access security
Access to our office building in Bunnik is secured with a digital lock. This way we can check that only employees have access to our building. If someone leaves employment, we can also revoke access immediately.
Handling credentials
Given the nature of our work, we have access to your databases and data. In many cases we even have admin access. It is important to mention that we use a reputable password tool for storing passwords, namely Keeper Security. Access to this application is via the Microsoft account of our employees, which means that if an employee leaves employment, this access is also revoked. Employees must also log in via MFA (multi-factor authentication).
What you can do
Providing credentials
An important theme we often encounter is how our customers give us access to their environment. Sometimes a single “IQBS account” is created that IQBS employees share. Sometimes there is a personal login, but this has the disadvantage that you have to allocate a license for multiple employees. Which method you choose is up to you. Giving our Microsoft 365 accounts external access to your tenant is attractive, but has technical limitations. For this reason, we wish to receive a service account for access to Power BI. We would be happy to discuss this topic with you.
Providing data
In certain cases it is necessary that you provide us with data. You are of course the sender of these files, but we are happy to tell you how we prefer to receive the files:
- We prefer to receive data not via email, but via a link to an online source, such as SharePoint, OneDrive or similar software. This way you can provide access by name and we cannot simply send the file
- For Excel files with sensitive data, we would like to see a password on the file, with the password provided through a different communication channel than the one through which you provided the file