The EQS Integrity Line whistleblowing hotline: secure and certified
EQS Group is a RegTech company that offers software products for the compliance and investor relations industries, and IT security is our top priority.
Our EQS Integrity Line whistleblowing hotline therefore conforms to the highest standards of IT security and data protection.
Certified data security
Both EQS Group and our data centres are certified according to ISO/IEC 27001, which guarantees high security standards.
With the information security management system (ISMS) established in this context we have created binding processes and responsibilities across all areas of the company – from IT development to system support – thereby protecting confidential data from misuse, loss and disclosure.
ISAE 3000 Type I and II
Audited according to ISAE 3000 data protection standards
The EQS Integrity Line whistleblowing hotline ensures that your organisation fully complies with European data protection requirements and the EU Whistleblowing Directive (GDPR compliant).
EQS Integrity Line has undergone an external audit conducted by PwC according to ISAE 3000 Type I and II, which upholds high standards in terms of processing and protection of personal data.
Top marks for end-to-end encryption
We regularly earn top scores for our secure end-to-end data encryption and for using the strongest ciphers and secure mechanisms when handling keys.
Accessibility
The EQS Integrity Line reporting channel complies with the Web Content Accessibility Guidelines (WCAG bronze level certification). This means, for example, that people with impaired vision are also able to use the system to its full extent.
Anonymity thanks to high-security encryption
Your report and case data are encrypted at all times. We use the latest encryption algorithms and SSL certificates, meaning that EQS Group can at no time access your, or your whistleblowers’, data.
In addition to complete anonymity for the whistleblower, the EQS Integrity Line enables an anonymous dialogue between the whistleblower, case handler and external experts. The system does not employ any tracking mechanisms on users.
Environmental management ISO 14001
ISO 14001 certified data centre
Our data centre in Munich East is ISO 14001 certified and relies 100% on green electricity from renewable sources (sun, wind, water and biogas) for its operation. The use of CECC (Combined Energy and Cooling Cells) has also helped to reduce energy consumption for cooling and operation by 70%.
Modern firewalls for greater protection
We use a web application firewall in addition to our standard firewall. If the firewall detects suspicious or dangerous patterns, it blocks further communication. This provides the platform with additional protection against SQL injections or XSS attacks.
Proven system security
EQS Group regularly carries out external penetration tests to verify our high levels of IT security.
As part of this process, both the user interface and case management are checked in detail with regard to:
- Threat analysis in accordance with OWASP Top 10 vulnerabilities
- Test of cryptography, architecture and system design
- Session and identity management
- Authorisation concepts
Transparency in cloud computing
EQS Group promotes transparency and compliance when it comes to security in the cloud.
This is why we adhere to the STAR Registry program of the Cloud Security Alliance for EQS Integrity Line.
Comprehensive protection
Additional security is guaranteed through daily backups which are stored for several years in geographically distributed data centres.
Regular backup tests are carried out to ensure that no data is lost, even in the event of an emergency.
Application security & access controls
Two-factor authentication
It’s better to be safe than sorry. This is why EQS Group has added an additional security level to the EQS Integrity Line whistleblowing hotline – login with two-factor authentication as standard.
Single Sign On
Single sign-on enables caseworkers to seamlessly transition between different applications, creating efficiencies.
OpenID Connect enables simple, state-of-the-art authentication and authorisation of caseworkers and administrators.
Authorisation concepts
Granular authorisation concepts mean that the need-to-know principle is firmly in play. Working in tandem with our automatic case routing, caseworkers are only authorised for countries and case categories for which they are explicitly responsible. In line with duty segregation requirements, administrators can also be clearly divided according to their responsibilities in the user and system administration. Dual control can also be configured to ensure better monitoring of critical functions.
Individual policies
The EQS Integrity Line whistleblowing hotline adapts to your organisation – password settings and other rules can be customised to meet your individual requirements.