Axelio has access to many of your data due to the nature of its work. Of course, you want to be sure that we handle your data carefully. And we do! On this page, we inform you broadly about the measures we have taken. If you need more detailed information about the architecture of your environment, you can certainly contact us.
First of all, we want to inform you that we are ISO 27001:2022 certified as Axelio. This certification is reassessed annually by DNV. The certification is organized by Axelio. If you have questions about the ISO certification, you can contact info@axelio.eu.
Our personnel is actively made aware of the importance of handling information entrusted to us by you carefully. This is done, among other things, in the employment contract, which includes a detailed confidentiality clause. Employees are also reminded of the importance of information security during onboarding and through regular updates on our intranet. Additionally, Confluence (the documentation environment we use) has an extensive space full of instructions on secure software development, handling passwords, what to do in case of data breaches, etc.
In addition to our own personnel, Axelio also uses hired personnel. This includes both freelancers and employees working for another company. In both cases, we impose the same behavioral requirements, confidentiality, protection of laptops, etc., that we impose on ourselves to the externals. Of course, we also comply with legal requirements from, for example, the GDPR.
The laptops we work on are centrally managed and monitored via Microsoft InTune. This ensures that devices have hard disk encryption, that Windows updates are applied, that an antivirus is active, etc. We also maintain a clear screen and clear desk policy.
Access to our office building in Bunnik is secured with a digital lock. This way, we can control that only employees have access to our building. If someone leaves the company, we can also revoke access immediately.
Given the nature of our work, we have access to your databases and data. In many cases, we even have admin access. It is important to mention that we use a reputable password tool, namely Keeper Security, for password storage. Access to this application is through our employees' Microsoft accounts, which means that if an employee leaves, this access is also revoked. Additionally, employees must log in via MFA (multi-factor authentication).
An important theme we often encounter is the question of how our clients grant us access to their environment. Sometimes an "Axelio account" is created in which Axelio employees share the same account. Sometimes there is a personal login, but this has the disadvantage that you need to allocate a license for multiple employees. Which method you choose is up to you. The method in which you provide our Microsoft 365 accounts as external access to your tenant is attractive but has technical limitations. For this reason, we would like to receive a service account for access to Power BI. We are happy to discuss this topic with you.
In certain cases, it is necessary for you to provide us with data. Of course, you are the sender of these files, but we would like to tell you how we prefer to receive the files:
• We prefer to receive data not via email but via a link to an online source, such as SharePoint, OneDrive, or similar software. This way, you can provide access by name, and we cannot simply forward the file.
• For Excel files with sensitive data, we prefer to see a password on the file, where you provide the password through a different communication channel than the one in which you provided the file.