Enterprise Security for your Business
More than 3 million employees worldwide rely on the Haiillo platform every day to communicate securely within their organisation.
Trusted by the world’s
biggest brands
ISO certifications of our hoster
-
ISO 27017
Certified by Dekra data security management
-
ISO 27018
Certified by Dekra data protection management
-
ISO 27001
Certified by Dekra information security system
-
ISO 20000
Certified by Dekra service management system
-
ISO 9001
Certified by Dekra quality management system
-
ISO 22301
Certified by Dekra business continuity management system
-
ISO 14001
Globally recognized requirements for an environmental management system
Private Cloud: ISO 27001
ISO 27001 is the international standard for information security management. In 2019, Haiilo created an Information Security Management System (ISMS) for our private cloud, which was successfully certified by TÜV Süd according to ISO 27001 in the same year.
This certification is confirmed annually through an ongoing auditing process.
Haiilo is EU-GDPR compliant
Our customers’ right to privacy and the security of personal data is our top priority. Therefore, under the leadership of our Data Protection Officer (DPO), we have put together a team that guarantees compliance with all regulations.
The scope of the GDPR is very comprehensive with regard to the protection of personal data. For you, this means that you, as the data controller within the meaning of the GDPR, decide on the purpose and means of this data. Haiilo is commissioned by you as a so-called commissioned data processor to process the data exclusively in the sense of the DSGVO.
In order to minimize our customers’ risk around the GDPR, we at Haiilo have taken comprehensive measures in technical as well as structural terms. In addition, we have developed a “contract for the processing of personal data on behalf of a controller” (ADV contract), which we conclude with our customers, to create legal certainty for both sides.
Frequently asked questions
-
Does a personal attribution take place when downloading or uploading files?
-
How long does Haiilo store information about the end devices of the users?
-
How long does Haiilo store the IP address of users?
-
Are your hosting partners certified?
-
What happens in the event of notice of termination with our data?
Keeping your data safe
Haiilo takes every measure to ensure your intranet is equipped with bulletproof security. Therefore we strictly follow internationally recognized best practices.
Multiple redundant backups
We run backups of all relevant systems on a daily basis, which are stored at geo-redundant locations and are performance-optimized. These are available for incident recovery.
99.5% uptime
The uptime with our cloud provider (Open Telekom Cloud) is 99.5%, meaning downtime is extremely rare and non-critical.
CIS Controls
Our internal and external IT infrastructure is hardened in accordance with the CIS Controls Framework and regularly benchmarked in order to identify and apply updates as quickly as possible.
Pentests
With the help of a penetration test, or pentest for short, we have our existing IT infrastructure and web applications checked twice a year for potential vulnerabilities. In addition, we monitor our IT infrastructure via StarBoard.
Privileged Identity Management (PIN) powered by OKTA identity
Access to Haiilo’s production network is restricted to the core of the technical operations team and involves monitoring and controlling all access. On the software side, this is solved via Okta. All team access to the production systems is secured by key-based authentication.
Encryption – in transit
All communication of our systems via public networks is encrypted using HTTPS with Transport Layer Security (TLS 1.2) and Perfect Forward Secrecy (PFS). We have disabled SSLv3 on all systems to avoid security gaps.
Our SSL encryption has an A+ rating with Qualys.
Encryption – at rest
We encrypt users’ passwords using proven one-way hash functions to minimize the impact of a data breach. Almost all of our services use industry-proven symmetric encryption systems for encryption at rest.