Security & Compliance


Businesses trust Parley with their customer communications on social and messaging channels, expecting their data to be protected and secure. That’s why we perform security checks, encrypt data, screen employees and comply with industry regulations. We ensure your data is safe with us.

Data centers and network security

Parley services are hosted on a private cloud on the True.nl highlander platform in The Netherlands. As such, Parley inherits the control environment which True.nl maintains and demonstrates via True's ISO 27001, ISO 9001 and NEN 7510 certifications and ISAE 3402 Type 1 and 2 reports. Web servers and databases run on servers in multiple secure data centers.

Access Controls

Logical access to the Parley production system is restricted on an explicit need-to-know basis and follows the principle of least privilege. It is frequently audited and monitored and is controlled by the production and security teams from True.nl. Premises are monitored and access is logged.

Data Encryption

Parley encrypts all customer data, both in transit and at rest on disk. Communications between you and Parley are encrypted using HTTPS and Transport Layer Security (TLS), following industry best practices.


Software Platform Security

Security Audits

Every six months external security firms scan our software for vulnerabilities. Recent conclusion: “No security vulnerabilities were found with a high or critical security impact. That is good news. The security of the Parley platform proved to be hard to break. Although various improvements are found to further strengthen the platform, no high and critical security risks were found. That’s good.”

Advanced Security Platform

Parley has comprehensive protection with the Advanced Security Platform. We optimized our software security with real-time insight into common attacks (SQL injections, XSS), protection against Layer 3, 4 and 7 DDoS attacks and blocking of rogue IP addresses.

Private Database and Application Servers

Our shared hosting solution is fully horizontally scalable on multiple servers in multiple data centers. Businesses can use private application servers and database servers for an even more secure environment. The private servers allow hardware firewalling on IP addresses, data encryption on disk, and their own release schedule and logging settings.

Uptime

We have uptime of 99.9% or higher.


Employees

Incident Response Plan

We have educated all our staff on our policies and have implemented a formal procedure for security events.

Confidentiality Agreements

All staff and new employees are screened through the hiring process and required to sign non-disclosure and confidentiality agreements.

Background Checks

All new employees undergo criminal history and background checks prior to employment.

Security and Privacy training

All employees must take the Parley security awareness training at least once a year, which covers the information security policies, security best practices, and privacy principles.


Compliance certifications

ISO 27001 and NEN 7510

Parley is certified for ISO 27001 and NEN 7510, which are specifications for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.

ISO 9001

Parley is ISO 9001 certified. We have set up a quality management system. ISO 9001 is based on a number of quality management principles including a strong customer focus, the motivation and implication of our management, the process approach and continual improvement.

GDPR

Parley has designed its Privacy Program based on European privacy laws and is compliant with applicable laws to ensure that no matter where they are located, customers using our platform will be able to comply with any privacy framework, including the GDPR.


Privacy Focus

Internal Processes and Audit

Our Chief Privacy Officer works with our developers to make sure we comply with applicable international privacy laws. We do yearly audits to ensure continuous focus.

Data processing

We process personal data only on behalf of our customers. The gathered data will never be shared with, used by or sold to other customers. Our privacy practices are outlined in the privacy statement.

European Data Processing

Customers with strict data residency requirements have the option of having their data hosted, stored and backed up entirely within the EU. By default, your data is hosted in the Netherlands.

Backups & Monitoring

On an application level, we produce audit logs for all activities. We save log entries for analysis and use managed backup from True.nl for archiving purposes. All actions taken on the Parley application are logged.