Security and Trust Center

 

House of Control delivers business critical services to its customers.
These trusted services are delivered in line with regulatory and best practice requirements.

software as a service

House of Control’s services are delivered as Software as a Service (SaaS). Our trusted platform is built by embedding security throughout the software development and delivery life cycle. We follow rigorous operational security practices such as penetration testing, vulnerability assessments, and strong internal access controls. 

Making our services secure is a key concern for us. House of Control has many customers with high security requirements in regulated industries, and as a supplier we are committed to complying with these requirements. The requirements we implement in our SaaS solution will therefore be available to all our customers.

Information Security management system

House of Control organizes its privacy and security work in an Information Security Management System (ISMS). When processing personal data for customers' users, House of Control will act as a data processor in accordance with the European Data Protection Act (GDPR). House of Control's ISMS describes systems, policies, processes, routines and measures to ensure privacy, confidentiality, integrity and availability of our customers' data.

Our compliance reporting consists of ISAE 3000 and ISAE 3402 Type I attestation reports. ISAE (International Standard for Assurance Engagements) covers the internal control of a service organization, including information security. In these reports, our entire ISMS and data processing agreement (DPA) are audited. These compliance reports are available to our customers and provide direct audit support for all companies using the Complete Control applications, and to their internal or external auditors.

The security organization led by the House of Controls CISO. In addition, House of Control has appointed a DPO (Data Privacy Officer), whose main responsibility is to ensure and strengthen our ability to comply with regulations for the processing of personal data. We carry out an annual audit program to ensure that the ISMS is performing and implemented in line with best practice.

Operations and security

House of Control uses ITIL and controls from the ISO 27000 framework to ensure effective and efficient processes. These most important processes are:

  • Business Continuity Management
  • Access Control Management
  • Change Management
  • Event Management
  • Request Management
  • Incident Management
  • Operations Management

Processing of personal data

When processing personal data for the customers’ users, House of Control will act as a data processor according to GDPR. House of Control offers a Data Processing Agreement (DPA) that are aligned with GDPR. House of Control secures personal data through strong logical and physical access controls. Personal data is encrypted in transit, and processed in line with our Privacy policy.

House of Control's Data Processing Agreement - DPA

House of Controls’ subproviders, sub-processors and data locations

House of Control's Privacy Policy

 

Operational Status

House of Control use Statuspage as communication tool to inform customers and the system users about outages and scheduled maintenance. System users can subscribe to updates via email or text messages.

Find the status of all systems

Whistleblowing

Whistleblowing Channel