As cloud-based visitor management providers, our team fully understands market needs for features that improve company security, safety, and branding.

But far too often, we’ve seen such new features arise in the industry at the expense of visitors’ data privacy.

It’s part of our culture, and we believe that no visitor management product should be designed in a way that sacrifices its visitors’ data. It does not have to be a win-lose situation, where we win on security, but lose on privacy.

Over the years, we’ve continued to develop more data privacy and security features to meet our customers’ needs and comply with data privacy regulations like GDPR.

But we see data privacy as an overarching mindset at our company. Ensuring data privacy shouldn’t just be reflected in a company’s product offerings, but should also be reflected in how the company operates as a whole.

Our latest data privacy certification: The ISAE 3000 Type I Assurance Report

That’s why we get our latest data privacy attestation delivered by third-party auditors: the International Standard on Assurance Engagements (ISAE) 3000 Type I Assurance Report, or privacy certification.

We not only thought it was important to validate our product, but also make sure that all of our processes were in line with leading international privacy regulations and framework.

We’re proud to announce that, following the renewal of our SOC 2 Type 2 certification, we’ve become the first visitor management system to receive this privacy certification as of February 2020.

So what exactly does it mean for our organization and our customers? Let’s break it down.

A true global privacy framework for ISAE 3000 reports

ISAE 3000 reports attest that the above-described requirements were met in accordance with the Privacy Control Framework (PCF) published by NOREA.

This PCF allows for independent auditors to issue privacy control reports that align with local and global regulations and requirements. To establish the PCF, the following 5 leading international practice frameworks were considered and integrated:

 

  • EU: General Data Protection Regulation (GDPR)
  • USA: The National Institute of Standards and Technology (NIST)’s Privacy Control Catalog
  • EU: NOREA’s Raamwerk Privacy Audit
  • EU: EuroPriSe’s European Privacy Seal
  • USA: The American Institute of CPAs (AICPA)’s GAPP Principles
Avatar photo

By

Jonathan writes about asset management, maintenance software, and SaaS solutions in his role as a digital content creator at Eptura. He covers trends across industries, including fleet, manufacturing, healthcare, and hospitality, with a focus on delivering thought leadership with actionable insights. Earlier in his career, he wrote textbooks, edited NPC dialogue for video games, and taught English as a foreign language. He holds a master's degree in journalism.