Information security
Ensure information and data security with Pagero’s physical and cyber protective measures.
Contact us
Protecting customer information
The security of our customer data is of the greatest importance to Pagero. We ensure data security through the implementation of multiple industry-specific measures. Below are a few examples of the way we work.
Our safety measures
Information security program
Risk management
Supplier management
Access management
Secure communication
Physical security
Information security program
Pagero has implemented an information security management system (ISMS) and privacy management system (PIMS), including a range of applicable policies, instructions and routines that govern how we work with security and privacy.
Risk management
Identifying, assessing and managing risks are a key component of a robust information security program. Pagero has implemented a process which includes both information security, data protection/privacy and supplier risk.
Supplier management
Ensuring customer data's confidentiality, integrity, and availability in our supply chain is an essential part of our information security framework. Our supplier management process is designed to ensure that the Pagero standards are upheld throughout the chain and is tested and verified by external auditors.
Access management
Access management single sign-on using multi-factor authentication (MFA) is mandatory for all Pagero's support staff accessing Pagero's cloud services, and we promote MFA as authentication method for customer users for increased security.
Secure communication
Pagero’s platform supports secure communication protocols to ensure that transferred information cannot be accessed by unauthorised personnel or third parties.
Physical security
Our data centres are protected according to industry standards with burglar alarms, fire protection, power & internet redundancy and shelter against natural disasters. All centres are monitored 24/7 and only authorised staff have access to the buildings in accordance with our access policies and procedures.
Information security program
Pagero has implemented an information security management system (ISMS) and privacy management system (PIMS), including a range of applicable policies, instructions and routines that govern how we work with security and privacy.
Secure Development: Privacy and Security by Design
For Pagero, security and privacy are more than just buzzwords - they are essential to any successful software development project. Every product is designed and developed with privacy by design and security by design in mind at every stage of the process.
- Privacy by design is an approach to systems engineering which takes privacy into account throughout the whole engineering process.
- Security by design is an approach to software development that seeks to make systems as free of vulnerabilities as possible through measures such as continuous testing, authentication, and adherence to best programming practices.
Certifications and audits
ISO 27001 and 27701 certifications
Pagero's cloud services are ISO 27001 certified and Pagero Online is also 27701 certified, which proves the high standard of Pagero's information security and data privacy practices. For these certifications, external certified auditors conduct a rigorous third-party audit of our management system covering information security, cyber security and data protection.
ISAE 3000 SOC2 and ISAE 3402 SOC1
To support business objectives and demonstrate compliance, we implement and maintain a reliable IT control environment according to ISAE 3000 SOC2 TYPE1/TYPE2 and ISAE 3402 SOC1 TYPE1/TYPE2 report standards. Independent auditors perform yearly reviews and issue reports that evaluate our trust service principles and criteria according to the report standards.
Vulnerability and threat management
Pagero works closely with Outpost24, a vulnerability and threat management company that provides best-in-class solutions and help companies to identify and mitigate weaknesses in the network. Outpost24 performs regular penetration tests, vulnerability scanning and real-time threat management that facilitate instant recognition of imminent threats.
Cyber Essentials
Since October 2014, participation in the Cyber Essentials scheme has been mandatory for suppliers of UK Government contracts which involve the handling of personal information and provision of ICT (information and communications technology) products and services. Pagero was certified in 2016 and we are entitled to use the Cyber Essentials badge to certify compliance.