Compliance

1. GDPR compliance

IT Aware fully complies with the European Union's General Data Protection Regulation (GDPR).

We have implemented all necessary legal and technical measures to ensure compliance with GDPR, including data processing agreements and storage protocols.

2. Data security and encryption

We implement high standards for data security:

  • SSL/TLS encryption during transmission
  • Access control based on roles and the principle of least privilege
  • Multi-factor authentication for administrator accounts
  • Regular security updates and patches
  • Logging and monitoring of all system access

3. Regular audits and tests

We perform regular security audits to ensure compliance:

  • Quarterly penetration testing of our systems
  • Annual security audits by independent specialists
  • Automated security scanning of code and infrastructure
  • Regular backup and disaster recovery tests

4. Business continuity

We ensure high availability and operational reliability:

  • 99.9% uptime SLA for our services
  • Redundancy across multiple physical locations
  • Automatic failover and load balancing
  • Disaster recovery plan with regular testing
  • 24/7 monitoring of critical systems

5. Employee security

All employees undergo security training:

  • Mandatory annual data security training
  • Background check of all employees
  • Access control based on job function
  • Signing confidentiality agreements
  • Incident response training for security teams

6. Industry Standards and Certifications

We follow recognized standards and have relevant certifications:

  • ISO 27001 information security management
  • NIST cybersecurity framework
  • OWASP Top 10 Security Practices
  • Compliance with Danish and European data protection requirements

7. Incident reporting and response

In the event of a security incident or data breach:

  • Immediate reporting to affected parties
  • Notification to relevant regulatory authorities within 72 hours
  • Documentation of all actions taken
  • Implementation of improvement measures

8. Transparency and monitoring

We are transparent about our security practices and compliance status:

  • Published security policy
  • Regular compliance reports to customers
  • Availability of our system status page
  • Responsibility towards regulators and customers

9. Contact regarding compliance

If you have any questions about our regulatory compliance or security practices:

IT Aware Aps

Bøgevang 20

2770 Kastrup

Denmark

Email: security(a)itaware.dk

Phone: +45 12 34 56 78