Security

BSI 10012 Data Protection

We’re Serious About Security

We respect your privacy and take significant efforts to protect all your data. We would never do anything with your data that we wouldn’t be proud to tell the world about and ensure all data sent to Procurewise and its servers is handled securely. Whether it’s your information or your passwords, we promise to keep it private.

SOC2 Compliance

Procurewise is one of the first vendor management systems (VMS) to be SOC2 compliant, and one of the first software-as-a-service (SaaS) companies to utilize the SSAE 16/18 framework to provide security review. We undergo an independent third-party annual SOC2 audit that reviews certain internal controls and processes. The audit covers internal governance, production operations, change management, data backups, and software development processes. It evaluates that we have the appropriate controls and processes in place and that they are functioning appropriately in accordance with standards.

The SOC2 program offers independent verification that our practices offer a recognized standard of security measures. Furthermore, the program is designed to cover key elements of data processing and integrity while maintaining auditing practices within our business and operational processes. We have integrated SOC controls into all of Procurewise’s operating procedures. These procedures span the organization, teams, and/or functions that provide service or support to our clients on our platform. The key components of our SOC2 controls environment include:

  • Corporate Governance: how we provide oversight of our business & people
  • Change Management: how we make sure changes are tracked & properly reviewed
  • Access Control and Management: who has access to our platform operations & how this access is managed
  • Data Redundancy and Backup: how data is kept safe & stored in the event of adversity
  • Software Architecture and Development: oversight of the development effort around our platform

Data Encryption

All sensitive data is securely encrypted in the database and decrypted only if accessed by the authorized users through the application. We use industry-standard encryption algorithms to keep the data (and data backups) safe and secure.

Personally Identifiable Information

Procurewise de-identifies data wherever possible and implements access controls wherever necessary, with all sensitive information encrypted by default. Sensitive information is made accessible only to people who need it to do their job.

Get a FREE Demo

Find out how Procurewise can work for you