Phrase is always heavily committed to ensuring your information stays safe. To get this validated externally, we underwent testing by TÜV Rheinland for ISO27001 and TISAX standards.
ISO27001 certification
About ISO27001
ISO27001 is an information security standard, part of the ISO/IEC 27000 family of standards, of which the last version was published in 2013.
Testing process
The information security management of Dynport GmbH was audited for the operation of the Translation Management Solution, Phrase. This includes its API, plugins, client-software and integrated services, as well as the processes and measures that are necessary for the operation of the Translation Management Solution. The audit conducted by TÜV Rheinland proved that all requirements of ISO/IEC 27001:2013 are met. We are now ISO27001 certified since 19.02.2020.
Documentation
You can find our certification in the TÜV Rheinland Certipedia. Our test mark below links directly to our certification page. When found on print material, you can scan the test mark’s QR code to find our certification page.
TISAX conformity
About TISAX
TISAX is a standard for information security in the automotive industry. It stands for “Trusted Information Security Assessment Exchange”. TISAX is operated and managed by the ENX Association (an association of European vehicle manufacturers, suppliers and organisations).
The effectiveness of the control processes and their current implementation is assessed on the basis of the procedure specified in the TISAX "Accreditation Criteria and Assessment Requirements" (ACAR), as published by the ENX Association at the time of reporting.
Testing process
The audit is performed by highly-qualified auditors from an audit service provider approved for TISAX. TISAX tests are carried out on the basis of the VDA ISA testing catalogue. Detailed information can be found at http://www.enx.com/tisax/.
Our TISAX assessment has been performed by TÜV Rheinland. We have been tested to be conform and the results have been published on 18.02.2020.
Documentation
As TISAX is a standard used by the automotive industry, you need to have access to the portal of the ENX Association in order to be able to see our results. If you do have an ENX Participant-ID, please get in touch with us. We would be happy to give you access to see the results.
Web and API-Pentest
Our application was tested by turningpoint to assure our compliance with web security best practises.
DCSO Cloud Vendor Assessment
About DSCO
The DCSO (Deutsche Cyber-Sicherheitsorganisation GmbH) is a competence center for cyber security in Germany. The DCSO Cloud Vendor Assessment Service assesses the security level of cloud service providers.
Testing process
Phrase (Dynport GmbH) was evaluated based on the framework for the DCSO Cloud Vendor Assessment. This methodology includes a questionnaire developed by the DCSO on the security organization of a cloud provider. The review of Phrase’s documents took place from 30.04.2020 to 12.06.2020. 14 subject areas of information security were assessed and evaluated using maturity levels. Phrase reached maturity level 3 or more in all 14 subject areas. (Maturity levels 0 to 2 are indicators for possible risks that may arise due to insufficiently implemented security measures.)
Documentation
The results of our assessment are not publicly available. They are available for service customers as part of the CVA-Community.