Certified standard: ISO/IEC 27001:2017
Implementing ISO/IEC 27001 actively helps to protect corporate assets, reduce information and data security risks, and improve the availability of systems. The core component is the introduction of an information security management system (ISMS). This is a comprehensive, holistic and standardized management system – with defined rules and processes that serve to define, control, monitor, maintain and continuously optimize information security in the company.
The applicability statement, i.e., the determination of which areas are included in the certification, determines the complexity and effort of the ISMS. We have opted for the maximum scope. This means that not only parts, but the entire company is subject to the certification requirements. The organization as well as the conception, development, quality assurance and operation of the FUTURA Cloud are ISO-certified. Our ISMS is under the responsibility of the management and is fully supported.
The certification is valid for 3 years and is verified annually by an independent audit company for compliance with all standard requirements. The ISO/IEC 27001 certification gives you the assurance that the use of our cloud platform is secure and meets the highest, internationally recognized information security requirements.
With our company headquarters in Germany, data protection is one of our core competencies. We can account for compliance with the principles of data processing pursuant to Art. 5 (2) GDPR at any time.
- Records of processing activities; complies with Art. 30 GDPR
- Data protection impact assessment (DPIA); a two-step risk assessment process fulfills GDPR Art. 35 and 36
- Technical and organizational measures (TOM): Ensures an appropriate level of security when handling data in accordance with Art. 32 GDPR in conjunction with Art. 25 GDPR.
- Data processing agreement (DPA): Systematic contractual framework for the conclusion and archiving of contracts in compliance with data protection requirements.
- Data storage / data erasure: Established procedure with a concept on retention periods and schedules
- Provision of information on personal data by the customer support pursuant to Art. 15 to 21 GDPR
- Regular data protection training for employees by the external data protection officer helps raise awareness of GDPR and promote a good data protection culture in the company
Future-proof thanks to SAP certification: The integration of the FUTURA® cloud procurement platform in S/4HANA is officially SAP-certified – for on-premise variants as well as for the two cloud variants of SAP S/4HANA
The latest release of SAP S/4HANA 2022 for Sourcing and Procurement includes new features around product sourcing with a focus on direct materials and services. The recertification of FUTURA thus strengthens the the unique profile of the digital procurement solution, which specializes in construction and services.
The certification is audited annually.