Security & Data Protection

Since 2005 the entire Fabasoft company has been ISO 9001 certified.

Once a year our quality management is audited and certified by a leading certification body. The aims of the audit are to examine the conformity with demand models and the identifying of potential for the further development of the quality management system.

Fabasoft was successfully recertified in accordance with ISO 9001:2015 by TÜV AUSTRIA CERT GMBH in October 2020.

Continuous Improvement

The quality management system at Fabasoft is a living system. This means that work methods, processes and their corresponding documentation are continuously adapted to the new data and constantly undergoing improvements.

All Fabasoft business-relevant processes are depicted in the form of graphic process diagrams in the process landscape in the internal system. The further development, checking and approval of these processes is the responsibility of the process owner and is defined for every process.

Focus on Customer Orientation

A strategic aim of Fabasoft lies in a strong customer orientation of the quality management system. At Fabasoft customer satisfaction is of the highest importance. Fabasoft customers have the opportunity to share their opinions and improvement suggestions with us. In regular meetings (User Group) customers can give their feedback directly to the Fabasoft employee in charge. The results and evaluations of customer surveys are analyzed and integrated into the improvement processes to ensure that the customer demands are met.

Scope

Development and sales of own software produces, cloud services, Software-as-a-Service applications, appliances and provision of related services.

Download certificate

In May 2011 Fabasoft received the ISO 20000 certificate for the IT services Folio Cloud (today: Fabasoft Cloud) and Folio SaaS for the first time. The scope was subsequently expanded to include Mindbreeze InSpire SaaS. The ISO 20000-1 standard is an internationally recognized standard for IT service management systems which documents the requirements for professional IT service management.

Implementation of International Standards

With this certification, Fabasoft underlines its strategy of implementing international standards.

ISO 20000-1 serves as a measurable quality standard for IT Service Management (ITSM). The aim of ISO 20000 is to deliver a higher quality of IT services to customers. Alignment according to the needs and requirements of customers plays a primary role.

ITIL orientation in IT Service Management

The standard also serves as an instrument to model processes in an optimized management system as they are described in the Office Government Commerce (OGC)’s IT Infrastructure Library (ITIL). This encompasses such core processes as change, release, incident, problem and security management.

The certification brings with it many advantages. Alongside the targeted improvement of processes through regulated structures, service level maintenance, customer satisfaction and availability of services are more easily measurable by means of key performance indicators.

Fabasoft was successfully re-certified in accordance with ISO 20000-1:2018 by TÜV Austria HELLAS in October 2020.

Scope

The IT Service Management System of Fabasoft supporting the provision of Fabasoft Cloud, Fabasoft Folio SaaS and Mindbreeze InSpire SaaS to internal and external customers.

Download certificate

In June 2008 Fabasoft received the ISO 27001 certificate for the first time. The standard is a globally recognized standard for the assessment of the security of IT environments.

In July 2015 Fabasoft was audited successfully and gained also certification under ISO 27018. This international standard was published in 2014 and specifies data protection requirements for cloud service providers. 

Clearly Defined Standards

The certification's range of validity specifies the requirements for fully comprehensive information security management concerning all IT and business processes as well as all confidential company information. For customers, the ISO 27001 certification means compliance with clearly defined technical and security based standards and thereby defined service levels for the Fabasoft data centers.

The international standard ISO 27018 defines data protection requirements for cloud service providers. They have to undertake major obligations regarding notification, information, transparency and burden of proof in order to build trust with clients and public institutions concerning the processing of personal data within the cloud.

Continual Adaptation

Periodical internal controlling of the processes and provisions detailed in the ISO 27001 incl. the ISO 27018 is the basis for the further development of internal IT security standards and the continual adaptation according to changing frameworks and tasks.

Fabasoft was successfully recertified in accordance with ISO 27001 incl. audit according to ISO 27018 by TÜV AUSTRIA Deutschland GmbH in October 2020.

Scope

Development and sales of own software produces, cloud services, Software-as-a-Service applications, appliances and provision of related services.

Download certificate

Mindbreeze receives attestation for its Mindbreeze InSpire SaaS service according to the specifications of the C5 catalogue of requirements (Cloud Computing Compliance Criteria Catalogue, abbreviated C5), published by the German Federal Office for Information Security (BSI). The Mindbreeze InSpire SaaS service is professionally operated in Mindbreeze data centers on behalf of the customers. The C5 attestation pursuant to the requirements of the BSI is a recognized and reliable proof which transparently reveals the high level of information security of for all Mindbreeze customers. Until 2020 the KPMG Alpen-Treuhand GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft issued the attestation.

Following the initial audit in accordance with BSI Standard C5:2020 at the beginning of 2021, this audit was carried out again at the beginning of 2022 by PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft, Germany, on behalf of Mindbreeze.

The C5 certificate (ISAE 3000 Report Type 2) is a recognized and reliable proof for all customers using Mindbreeze in the cloud (Mindbreeze InSpire SaaS), which verifiably discloses the high level of information security.

The catalogue of requirements of the BSI specifies the minimum requirements that cloud service providers must meet. The information on the general conditions of the cloud service serves to provide customers with additional information on the level of information security offered by Mindbreeze and ensures transparency with regard to information on jurisdiction and locations, availability and incident handling during regular operation, recovery parameters in emergency operation, availability of the data center, how investigation enquiries from government authorities are handled and certifications or attestations.

For more information on the audit report, please contact us at trust@mindbreeze.com.

Mindbreeze completed the SOC2 Type 2 audit for its Mindbreeze InSpire SaaS Services at the beginning of 2022. PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft, Germany, issued the audit report.

As part of the audit process, PwC checked whether the Trust Service Criteria (TSC) for Security – issued by the American Institute of Certified Public Accountants (AICPA) – are being adhered to. Therefore, the existing internal control mechanisms for the services offered – for example with regard to risk minimization, access controls, monitoring measures or communication – were examined and documented. The audit took the form of an ISAE 3000 Type 2 audit (checking the control implementation within a defined test period). Mindbreeze received the final audit results as an ISAE 3000 SOC2 Type 2 report.

For more information on the audit report, please contact us at trust@mindbreeze.com.

The International Standard on Assurance Engagements (ISAE 3402) is the international testing standard that assesses the effectiveness of internal control systems (IKS) of service providing organizations. The standard was created by the International Auditing and Assurance Standards Board (IAASB) as a successor to the SAS 70 Standard. Up until 2011 Fabasoft was tested according to the AICPA's reporting standard SAS 70 Type 2, afterwards according to ISAE.

ISAE 3402 aims to extensively test an organization's internal control system and to rate its effectiveness in detail. The testing takes place over a twelve month period. The ISAE 3402 test report contains the opinion of an external test company on the control procedure at the service provider, a description of the control points, the test methods and controls, information about the test period and a statement about the effectiveness of the controls.

For more information on the audit report, please contact us at trust@mindbreeze.com.

Equal opportunities for people with disabilities and their integration into society and work require the accessible use of software, which is also defined by law. Mindbreeze InSpire is offering accessibility for almost all kinds of disabilities.

Mindbreeze InSpire is the first enterprise search and big data solution to be evaluated by Pfennigparade. The standard recognized benchmark for the evaluation of Internet offerings is the BITV-Test, which was supplemented by a usability test to cover the full range of test criteria. Mindbreeze InSpire (search appliance) received a total BITV test score of 98.75 points. The component was given a rating of “very accessible”.

The vision of a paper-free office is as old as the first IBM PC that fitted onto a regular desk - but we're still chasing that dream. The rules and regulations governing the storage of business records, invoices, contracts, documentation for accounts and financial records are partly to blame for this. Time limits legally required for storage vary from a few years to eternity and beyond.

Fabasoft Folio is a huge step forward, as audit-proof electronic storage eliminates the costs and space requirements needed for hard-copy storage.

Verified Quality

The PricewaterhouseCoopers auditors worked according to a checklist. Some of the most important points, which were naturally found to be without faults, were:

• Data access. Already in the course of the ISAE 3402 Type 2 test, virtual and physical access restrictions were thoroughly checked and found to be sufficient. Client data is safe from prying eyes.
• Data cannot be amended retrospectively.
• Relevant documents cannot be deleted before the time limit expires - not even by Fabasoft administrators.
• The trail from paper to electronic storage is sufficiently secured.
• All legal requirements are met.

WACA is Austria's first and only quality seal to make accessibility on the web recognizable to the outside world according to the international W3C guidelines. The certificate of the WACA initiative and the independent certification body TÜV Austria is intended to ensure accessibility for all people on the professionally tested website.

Mindbreeze meets the requirements of WCAG 2.1 - AA to a high degree and was awarded silver for this reason.

The following criteria must be met for the Web Accessibility Certificate Austria (WACA) in Silver:

• Website largely complies with WCAG 2.1 - AA success criteria
• All content is accessible to all users
• The basic functionality is accessible to all users without restrictions
• Parts of the extended/optional functionality are more cumbersome to use for some users, but still accessible

Download Certificate