Enterprise Security for your Business

More than 3 million employees worldwide rely on the Haiilo platform every day to communicate securely within their organisation.

Trusted by the world’s biggest brands

ISO certifications of our hosting provider

  • ISO 27017

    Certified by Dekra: data security management

  • ISO 27018

    Certified by Dekra: data protection management

  • ISO 27001

    Certified by Dekra: information security system

  • ISO 20000

    Certified by Dekra: service management system

  • ISO 9001

    Certified by Dekra: quality management system

  • ISO 22301

    Certified by Dekra: business continuity management system

  • ISO 14001

    Globally recognized requirements for an environmental management system

Private Cloud: ISO 27001

ISO 27001 is the international standard for information security management. In 2019, Haiilo created an Information Security Management System (ISMS) for our private cloud, which was successfully certified by TÜV Süd according to ISO 27001 in the same year.

This certification is confirmed annually through an ongoing auditing process.

Haiilo is EU-GDPR compliant

Our customers’ right to privacy and the security of personal data is our top priority. Therefore, under the leadership of our Data Protection Officer (DPO), we have put together a team that guarantees compliance with all regulations.

The scope of the GDPR is very comprehensive with regard to the protection of personal data. For you, this means that you, as the data controller within the meaning of the GDPR, decide on the purpose and means of processing this data. Haiilo is commissioned by you as a data processor to process the data exclusively in accordance with the GDPR.

In order to minimize our customers’ risk around the GDPR, we at Haiilo have taken comprehensive technical and organizational measures. In addition, we have developed a “contract for the processing of personal data on behalf of a controller” (ADV contract), which we conclude with our customers, to create legal certainty for both sides.

Frequently asked questions

  • Does a personal attribution take place when downloading or uploading files?
  • How long does Haiilo store information about the end devices of the users?
  • How long does Haiilo store the IP address of users?
  • Are your hosting partners certified?
  • What happens to our data in the event of notice of termination?

Keeping your data safe

Haiilo takes every measure to ensure your intranet is equipped with bulletproof security. To that end, we strictly follow internationally recognized best practices.

  • Multiple redundant backups

    We run backups of all relevant systems on a daily basis, which are stored at geo-redundant locations and are performance-optimized. These are available for incident recovery.

  • 99.5% uptime

    The uptime with our cloud provider (Open Telekom Cloud) is 99.5%, meaning downtime is extremely rare and non-critical.

  • CIS Controls

    Our internal and external IT infrastructure is hardened in accordance with the CIS Controls Framework and regularly benchmarked in order to identify and apply updates as quickly as possible.

  • Pentests

    With the help of a penetration test, or pentest for short, we have our existing IT infrastructure and web applications checked twice a year for potential vulnerabilities. In addition, we monitor our IT infrastructure via StarBoard.

  • Privileged Identity Management (PIM) powered by Okta identity

    Access to Haiilo’s production network is restricted to the core of the technical operations team, and all access is monitored and controlled. On the software side, this is handled via Okta. All team access to the production systems is secured by key-based authentication.

  • Encryption – in transit

    All communication of our systems via public networks is encrypted using HTTPS with Transport Layer Security (TLS 1.2) and Perfect Forward Secrecy (PFS). We have disabled SSLv3 on all systems to avoid security gaps.
    Our SSL encryption has an A+ rating with Qualys.

  • Encryption – at rest

    We encrypt users’ passwords using proven one-way hash functions to minimize the impact of a data breach. Almost all of our services use industry-proven symmetric encryption systems for encryption at rest.

  • Contact us if you have any questions