Privacy & Security
BeeHolder BV aims to make software that is thought through from practice. Privacy (by design and by default) and security are therefore taken into account from the architecture onward. Each project and further development is assessed for the sensitivity of the data and how it is represented.
Information security and privacy are something we do together with all our employees and customers!
Awareness and behavior:
Privacy & Security as a habit
Everyone employed or associated with BeeHolder BV begins with an introduction regarding awareness and behavior. This is provided by our Security officer Vince, who is supported for this purpose by the expert lawyers of Eldermans | Geerts.
This is how we secure your and our data
- Working according to an Information Security Management System (ISMS).
- Complying with the ISO 27001 / NEN 7510 standards (certified).
- Regular internal and external audits of our products and processes.
ISMS & ISO 27001 / NEN 7510
It is actually quite normal, but is every provider of software that supports deployment in possession of an ISO 27001 and NEN 7510 certificate? The latter in particular is the standard for medical information security. To obtain and maintain this certification, a very comprehensive system (ISMS) that includes specific rules for processing medical information must be in place and demonstrably followed. This system describes all matters concerning processes & procedures, monitoring & measurement, behavior & awareness, and executive involvement in policy implementation.
In a nutshell, BeeHolder is continuously working according to a predetermined plan to meet certified standards with the goal of continuously improving this plan. This plan also takes into account the processing of medical information.
Audits on security programs
In addition to our own processes and procedures, BeeHolder also collaborates with a number of clients on their internal security programs. Consider vulnerability scanning, cyber threat intelligence, etc. These collaborations are not only tailor-made for our customers, but are of course also a welcome addition to BeeHolder BV’s overall audit. Our own audits mainly focus on pen testing and the OWASP Top 10, and are more application specific. Every year there is also a group of ethical hackers who try to discover a vulnerability in the applications as part of their education at NHL Stenden.
Storage and disposal
Data protection and privacy also means complying with retention periods and deletion requests. Throughout the cycle of information collection, sharing, and deletion, BeeHolder BV has transparent and customizable access to data. This means that we have custom configured the retention periods required by law, for different types of data and under different types of laws, for each customer. There is an option to set a signal to be notified when data has been completely deleted or marked for deletion.
Information Security Officer & Privacy Officer
Our Security officer ensures that the ISMS is implemented as scheduled. He is trained and periodically retrained by Eldermans | Geerts. We chose to work with this party because they are the expert on healthcare-related (privacy) legislation. BeeHolder BV treats the reintegration and medical records of employees of its clients as a healthcare organization should treat the records of its clients. For this, we worked very closely with GGZ NHN to adopt the client model they use and also use it for employees who are reintegrating.
Our privacy officer has also worked for other organizations and government agencies in the past in handling complaints and questions surrounding the issue of privacy. Moreover, he is an external party, so independence is guaranteed.
Of course, our experts, and those of our clients, may have overlooked something. Maybe you are better and smarter than them. In that case, please report it at email@example.com so we can reward you with a bug premium or a job.