On 23 November 2018, the EDM service was recertified against the StarAudit criteria for the third time. The cloud service allows companies doing business in Austria to fulfil complex obligations pertaining to environmental legislation and regulations in an easy and secure manner. During the audit process, auditors and reviewers found that the business management system supporting the EDM service demonstrated an exceptionally high level of data protection management processes and information security.
With a view to the GDPR requirements concerning personal data protection and compliance, a policy for data privacy and protection of personal information was developed and communicated to all relevant parties. In addition, appropriate technical and organizational measures to protect users’ personal data were implemented at a level extending beyond pure management considerations and incorporating related legal requirements in daily operations and use by persons involved in the processing of personal data.
Finally, two more significant improvements to the EDM cloud delivery model were determined during the recertification process: a higher quality of disaster recovery management processes by means of verification and evaluation as well as the targeted provision of information security trainings for operational staff.