Computerised data is a particularly valuable and sensitive asset for all businesses. The DIMO Software Group is also committed to ensuring that the computer output data entrusted to it by its customers (database, data files, etc.) remains protected and secure.
Output data entrusted to us by our customers is important and valuable. That’s why DIMO Software wanted to strengthen its information security management system in order to identify threats and implement appropriate measures and controls to maintain the confidentiality, integrity and availability of the customer data we host.
This approach allows us to prevent theft, loss and corruption of computerised data and to do everything we can to avoid unauthorised access to the computer systems concerned.
On 24 November 2015, DIMO Software received ISO 27001 certification for its Notilus Travel & Expense Management solution. Our French host (the company NC2) was also awarded this certification in 2013. DIMO Software thus became one of the first software publishers to achieve this high standard in information security.
This certification is testament to DIMO Software’s approach to quality and security. ISO 27001 is recognised as being one of the highest standards in information security. For Notilus, it ensures that there are processes for the identification and prevention of all risks relating to the information security of its apps. This certification is subject to an annual monitoring audit and a renewal audit every 3 years by an approved body (Bureau Veritas).
Protecting your data
The General Data Protection Regulation (GDPR) has two main objectives:
To strengthen protection of the rights and freedoms of persons whose data is processed.
To improve the flow of data within the European Union.
The changes brought by the European regulation entail:
At DIMO Software, we’re developing an approach to provide our customers with the tools they need to comply with their obligations under the regulation, which came into force on 25 May 2018.
Our role is to act as the ‘facilitator’ of compliance with the GDPR. To guide you through this process, we’ve launched a review of all our solutions and their related documents and we work continuously to improve them, taking into account privacy by design.
Our employees are aware of how this type of data is processed and of the related legal regulations, and are obliged to comply with our IT charter, which is attached to our company rules and regulations. They access your data only when necessary to meet your support needs, and we undertake never to pass it on to unauthorised third parties.