SECURITY

Security at ebadu.pl

At ebadu.pl, we strive to take the security, privacy, and integrity of our customers' data seriously. We are proud to be ISO/IEC 27001:2022 certified, demonstrating our commitment to best practices in information security management. Our security framework ensures that your data is protected against unauthorized access, data breaches, and other cybersecurity threats.

ISO/IEC 27001 Certification

We have implemented an Information Security Management System (ISMS) compliant with the ISO/IEC 27001:2022 standard (Information security, cybersecurity and privacy protection - Information security management system - Requirements). The ISMS has been independently audited and certified by TUV Nord. This certification, issued by an independent and recognized notified body, confirms that we adhere to internationally recognized security standards.

The scope of our certificate covers:

Research and development, service delivery and consulting services related to the ebadu products.

What it means for you:

  • Compliance – our organization adheres to the state-of-the-art security standard defined in ISO 27001.
  • Applying technical and organizational measures (TOMs) – we apply both the technical and the organizational measures defined in Annex A of ISO 27001 to protect key assets and information.
  • Continuous improvement – we continuously monitor, audit and improve our ISMS to respond to evolving security threats and client expectations.
  • Standardized way of handling security incidents – when an information security incident happens, it is handled in a standard and systematic manner.

Resources

As part of our Information Security Management System definition, we have a set of publicly available resources that may help you with understanding the scope of our ISMS and the assessment of ebadu.pl as a trusted supplier.

Please note that we intentionally do not share details about our Information Security Management System (ISMS), as this could be considered a bad practice. However, we are always open for a serious discussion. If you want to know more, just get in touch.

How we protect your data

At ebadu.pl, we take data security and privacy seriously. We implement industry-leading Technical and Organizational Measures (TOMs) to safeguard your information in compliance with ISO/IEC 27001:2022 and GDPR regulations. Below, we address key security questions to help you understand how we protect your data.

Do I have to take backups and test restoration?

No, ebadu.pl is fully responsible for data backups and restoration. We have defined a Recovery Point Objective (RPO) of 24 hours and regularly test our backup restoration procedures to ensure data availability and integrity. As a customer, you have no obligations regarding backup management.

Do I have to monitor ebadu.pl services?

No, our team continuously monitors the ebadu.pl platform to ensure high availability, security, and performance. We utilize automated monitoring tools, real-time alerts, and proactive threat detection systems to address potential issues before they impact your operations.

Is my data encrypted at rest?

Yes, all customer data stored on ebadu.pl is encrypted at rest using AES-256 encryption, ensuring strong protection against unauthorized access.

Is my data encrypted in transit?

Yes, all data transmitted to and from ebadu.pl is encrypted using TLS 1.2 or higher, protecting it from interception and unauthorized access during transit.

What kind of measures are applied to protect my information processed on ebadu.pl?

We apply all TOMs required by Annex A of ISO/IEC 27001:2022, including:

  • Access Control - Role-based access controls (RBAC) and multi-factor authentication (MFA) to prevent unauthorized access.
  • Network Security - Firewalls, intrusion detection systems (IDS), and network segmentation to protect against cyber threats.
  • Regular Security Audits - Continuous vulnerability assessments and penetration testing.
  • Incident Response Plan - A structured approach to detecting, responding to, and mitigating security incidents.
  • Employee Security Awareness Training - Regular training sessions to ensure employees follow security best practices.

Additionally, as a GDPR-compliant organization, we ensure that:

  • Personal data is processed lawfully, transparently, and for a legitimate purpose.
  • Data minimization principles are followed, collecting only what is necessary.
  • Users have rights over their personal data, including access, rectification, and deletion requests.

By implementing these measures, we ensure that your data remains secure, compliant, and available when you need it.

What is your responsibility?

Security of the ebadu.pl service is a joint responsibility of two sides. ebadu.pl, as a Cloud Service Provider (CSP), is responsible for implementing the Technical and Organizational Measures (TOMs) of ebadu.pl services. Hence, on the one hand, the following security areas are covered by us:

  • Cloud infrastructure security
  • Application security
  • Data encryption at rest and in transit
  • Backups and restoration tests
  • Service availability and uptime
  • Identity and access management (for service support users)
  • Security monitoring and threat detection
  • Security incidents within ebadu.pl services

while, on the other hand, your organization, as a Cloud Service Customer (CSC), should take care of:

  • Identity and access management (for all your users)
  • Encryption and protection of data leaving the ebadu.pl service
  • Security incidents outside of the ebadu.pl service
  • Client-side security

Contact

For all issues related to information security, please contact us at:
security@ebadu.pl

For all issues related to privacy, please contact us at:
rodo@ebadu.pl