ChannelEngine Security
CEO statement
CEO statement
“As a company, information processing is fundamental to our success and fulfillment of our global expansion strategy. The protection and security of that information is a board-level priority.
In order to achieve a high-quality, effective and sustainable Information Security Management System within ChannelEngine, a dedicated Information Security function has been established to carry out the development, implementation, and maintenance of ChannelEngine’s Information Security activities.
ChannelEngine’s management is committed to ensuring the confidentiality, integrity and availability of its client, employee, investor and corporate data that is processed, transferred and stored both physically and electronically. We take our obligation under the GDPR and data protection laws and regulations seriously. ChannelEngine Management is committed to providing the needed resources to develop, implement and continually improve the information security practices that are most appropriate to the company, our customers and in the best interests of our investors.
ChannelEngine management accepts the following principles to ensure sound implementation of core information security requirements and controls throughout the organization;
- Embrace compliance to regulatory framework as a standard and reinforce corporate information security posture by adopting internationally respected professional norms and standards.
- Stand for corporate Information Security Standards when establishing and maintaining business relationships and partnerships with external parties.
- Ensure safety and job security of all employees who internally disclose information security violations, weaknesses and wrong doings.
"We strongly emphasise that information security is everyone’s responsibility at ChannelEngine, and all employees are bound by information security policies and procedures."
Jorrit Steinz - Founder & CEO
ISO 27001 Standard
ISO 27001 Standard
ISO 27001 standard is part of the ISO/IEC 27000 family of standards that was developed to address information security. The full name of the standard is ISO/IEC 27001 - Information Security, Cybersecurity and Privacy protection.
ISO Framework and Purpose of ISO 27001
The ISO framework is a combination of various standards for organizations consisting of agreed-upon rules, specifications and guidelines to ensure that material, products, processes and services are fit for purpose.
ISO 27001 standard specifies requirements for establishment, implementing, maintenance and improving an information security management systems (ISMS) ensuring effective response to threats, good governance culture and reduced costs of information security compliance.
ChannelEngine has been ISO 27001 certified since 2022. Read more here.
Technical and Organizational Measures (TOMs)
Technical and Organizational Measures (TOMs)
Our Information Security Management System (ISMS) covers the following 5 key domains, aligned with enterprise information security best practices.
- Security and risk management
- Security Engineering and Operations
- Software Engineering Security
- Data Protection
- Legal and Regulatory compliance
Achievement of security goals
Achievement of security goals
To achieve the security goals of confidentiality of information, availability of the platform and integrity of exchanged data while using the ChannelEngine application, our partners are advised to observe the following security measures and controls
- Configuration management (Secure protocols)
- Monitoring & response ( Incident handling , alerting)
- Authentication & Access control ( SSO, MFA, Passwords, roles)
- Data protection (Encryption , GDPR)
- API & Integration security (HTTPS, permissions, flows)
- Software updates (patches, vendor checks)
- Secure communication ( Ticketing, encrypted channels)
.png?width=768&height=768&name=website%20page%20768x768%20(2).png)
Your Data. Your Customers. Our Commitment.
Your Data. Your Customers. Our Commitment.
Whether you’re a fast-scaling brand or an enterprise-level marketplace, you can trust that we’ve built privacy-by-design into our platform and operations.
Privacy practices:
GDPR Compliance
- Full alignment with the GDPR and applicable privacy laws and regulations
- Privacy-by-design across product development and architecture
- Lawful basis for data processing
Data retention & deletion
- Data retention policies based on legal, operational and customer requirements
- Right to erasure and full support for data subjects access requests (DSARs)
User Rights & Controls
- Built-in tools to manage access rights and user permissions
- Secure interfaces for data access, correction and deletion
Data Transfers & Subprocessors
- Use of vetted subprocessors with data processing agreements (DPAs)
- Cross-border safeguards for data transfers, including SCCs where required
- Regular review of third party practices
Transparency & Accountability
- Publicly available privacy policy, subprocessors list and data processing agreement
- Internal security awareness training on privacy and data ethics
Responsible Disclosure Statement
Responsible Disclosure Statement
ChannelEngine would like to ask you to help our internal security team better protect our client’s data and product. If you identify a vulnerability, we would like to know about it so that we can take steps to address it as quickly as possible.
