Information security at Phrase

Phrase is always heavily committed to ensuring your information stays safe. To get this validated externally, we underwent testing by TÜV Rheinland for ISO27001 and TISAX standards.

ISO27001 certification

About ISO27001

ISO27001 is an information security standard, part of the ISO/IEC 27000 family of standards, of which the last version was published in 2013.

Testing process

The information security management of Dynport GmbH was audited for the operation of the Translation Management Solution, Phrase. This includes its API, plugins, client-software and integrated services, as well as the processes and measures that are necessary for the operation of the Translation Management Solution. The audit conducted by TÜV Rheinland proved that all requirements of ISO/IEC 27001:2013 are met. We are now ISO27001 certified since 19.02.2020.

Documentation

You can find our certification in the TÜV Rheinland Certipedia. Our test mark below links directly to our certification page. When found on print material, you can scan the test mark’s QR code to find our certification page.

TR-Testmark_9000004761_DE_CMYK_with-QR-Code

 

TISAX conformity

About TISAX

TISAX is a standard for information security in the automotive industry. It stands for “Trusted Information Security Assessment Exchange”. TISAX is operated and managed by the ENX Association (an association of European vehicle manufacturers, suppliers and organisations).

The effectiveness of the control processes and their current implementation is assessed on the basis of the procedure specified in the TISAX "Accreditation Criteria and Assessment Requirements" (ACAR), as published by the ENX Association at the time of reporting. 

Testing process

The audit is performed by highly-qualified auditors from an audit service provider approved for TISAX. TISAX tests are carried out on the basis of the VDA ISA testing catalogue. Detailed information can be found at http://www.enx.com/tisax/.

Our TISAX assessment has been performed by TÜV Rheinland. We have been tested to be conform and the results have been published on 18.02.2020. 

Documentation

As TISAX is a standard used by the automotive industry, you need to have access to the portal of the ENX Association in order to be able to see our results. If you do have an ENX Participant-ID, please get in touch with us. We would be happy to give you access to see the results.

TISAX Result ohne Verlauf

Web and API-Pentest

Our application was tested by turningpoint to assure our compliance with web security best practises.

badge_pentest_app.phrase.com-456ab44fdr-1

DCSO Cloud Vendor Assessment

About DSCO

The DCSO (Deutsche Cyber-Sicherheitsorganisation GmbH) is a competence center for cyber security in Germany. The DCSO Cloud Vendor Assessment Service assesses the security level of cloud service providers.

 

Testing process

Phrase (Dynport GmbH) was evaluated based on the framework for the DCSO Cloud Vendor Assessment. This methodology includes a questionnaire developed by the DCSO on the security organization of a cloud provider. The review of Phrase’s documents took place from 30.04.2020 to 12.06.2020. 14 subject areas of information security were assessed and evaluated using maturity levels. Phrase reached maturity level 3 or more in all 14 subject areas. (Maturity levels 0 to 2 are indicators for possible risks that may arise due to insufficiently implemented security measures.)

 

Documentation

The results of our assessment are not publicly available. They are available for service customers as part of the CVA-Community.