We take security seriously. Period.
A secure and scalable environment to manage your growing vendor ecosystem.
Our Security Statement
ENGAIZ prides itself on its leadership in the technology services industry. We recognize that we have a responsibility to protect all the data we hold or process, whether it belongs to ENGAIZ or to our employees, partners, customers, or suppliers.
All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers.
Our service is built on Amazon Web Services. They provide strong security measures to protect our infrastructure and are compliant with most certifications. You can read more about their practices here at https://aws.amazon.com/security/.
Our cloud architecture is based on the AWS Well-Architected framework. AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures and implement designs that can scale over time.
ENGAIZ is securely hosted in a AWS region, that is compliant with SOC2. AWS System and Organization Controls (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives.
It is the responsibility of our entire staff to become familiar with our security processes and to comply with our information security and privacy policies and the procedures we have established. We commit to providing an effective, efficient, and continuously improving security program to protect our assets and our customers data.
ENGAIZ’s senior management and executive board fully support our information security program and require all our employees, vendors, and partners to do the same. Our staff of security professionals is dedicated to implementing our security program and protecting your data.
ENGAIZ is committed to security principles that apply to all areas and employees, regardless of role or geographical location:
- Developing processes, procedures, and policies required for the protection of data we store and process and the IT assets we use.
- Identifying risks to the security of information and systems and mitigating these risks to levels acceptable to ENGAIZ.
- Defining security requirements, establishing baselines, and measuring compliance based on applicable laws, regulations, and best practices.
- Ensuring that incident response and disaster recovery plans are developed and implemented.
- Responding to and recovering from disruptive and destructive events.
- Increasing employee awareness of information security through training, discussion, and communication.
- Protect ENGAIZ systems, assets, and information against unauthorized access.
- Protect the confidentiality, integrity, and availability of the information we collect, store, transfer, and process in accordance with legislation, regulation, contractual requirements, and industry-best practices.
- Ensure that policy requirements are communicated and understood by providing training and awareness programs to all employees.
- Apply ENGAIZ’s security standards to our supply chain and partners.
- All employees, vendors, and partners are responsible for understanding and adhering to our security principles, policies, and standards.
- Ensure that any actual or suspected breaches of information security are assessed, investigated, and reported.
- Continuously assess and measure the maturity of our information security program and consistently improve it.
ENGAIZ is committed to protecting Personally Identifiable Information (PII) and ensuring compliance with privacy regulations such as GDPR:
- We collect only the personal information we need and explain why we need it.
- We share personal information within ENGAIZ only when there is a lawful reason for doing so and when the data controllers have given their consent.
- We allow data owners to request access to the personal information ENGAIZ holds for them, the right to have this information corrected or deleted, and the right to complain if they believe their information has been mishandled.
- We keep personal information only as long as is justified by our business needs.
- We take appropriate measures to protect the rights and freedoms of individuals whose personal information may be transferred to countries with different data protection laws.
- We ensure that actual or suspected breaches of these principles are reported and investigated appropriately.
- We apply these standards to ENGAIZ’s entire supply chain and delivery partners.
- We review this policy annually to reflect new legal and regulatory developments and ensure that we meet best practices.
Maintaining the confidentiality and integrity of PII is a requirement we take very seriously. We treat the information entrusted to us by our customers respectfully and professionally, ensuring that any data we process is handled legally and only for legitimate business reasons.
Please read of detailed Privacy Statement available at the footer of this site.