rexx systems is now officially certified according to ISO 27001 after a successful audit by TÜV Nord for its management systems. This seal of approval for a high level of IT security also applies to the sister companies rexxact and HRexcellent as well as to the subsidiaries in Austria and Switzerland.
The rexx group of companies has always set high IT security standards for the benefit of its more than 2,600 customers and, following a successful audit by TÜV Nord, received the highest award for information security management systems (ISMS) with certification in accordance with ISO/IEC 27001:2013. The ISO 27001 standard also includes the requirements for assessing and handling risks in the area of data protection.
Audit confirms high level of IT security
The International Organization for Standardization, known as ISO for short, allows companies to self-certify, but in Germany an ISO 27001 certificate can only be awarded by an ISO 27001 basic protection auditor certified by the Federal Office for Information Security (BSI).
Therefore, rexx systems turned to TÜV NORD CERT GmbH for certification. As a certification body, this company carried out a successful audit in accordance with the BSI specifications.
The audit report with the number 3531 1171 also includes the latest version 1.1 from March 2022 of the certification according to ISO 27001 and is valid for three years until March 2025 according to the ISO statutes. The certificate is also valid for the information management systems of the sister companies rexxact GmbH and HRexcellent GmbH, which are also based in Hamburg, as well as for the two DACH branches rexx systems Austria GmbH in Vienna and rexx systems Switzerland AG in Zurich.
Security awareness is part of the rexx DNA
In addition, the scope includes sales, consulting as well as development of all software solutions in the areas of human resources (HR), applicant management, talent management and CRM, the latter a particular strength of rexxact.
“The ISO 27001 certification is a major milestone in our more than 20-year company history, but confirms that we have always focused on the highest IT security standards. These are practically part of our DNA and also that of our employees. To remind them of this and to keep vigilance high, we have already set up new information security policies in May 2021 and we are also willing to enforce these policies. But IT security starts with us at C-level. We have to set a good example,” says Norbert Rautenberg, who founded rexx systems in 2001 and has since become one of the market-leading HR software providers in Germany.
Data Hosting in Germany
The certificate serves rexx systems to implement the Information Security Management System (ISMS) and the following goals:
- Preservation and protection of the image of rexx systems, rexxact and HRexcellent.
- Fulfilment of all legal requirements
- Minimising damage in the event of incidents that jeopardise IT security
- Increasing the resilience of the company and its processes
- Compliance with protection goals regarding availability, integrity and confidentiality
- Information security as a task and duty of all employees
The new information security policy, which was communicated to the entire staff in May 2021, was another important step on the way to the DIN ISO/IEC 27001 certification confirmed by TÜV Nord.
Data security and data protection in accordance with the DSGVO, which has been binding throughout the EU since May 2018, have such a high priority at rexx systems that the company was one of the few providers in the market environment to have its own HR software certified itself. This is another reason why more and more companies trust in the expertise and software products of rexx systems, rexxact and HRexcellent.
You might also be interested in:
Do loyalty programmes really create more employee retention?
Remote work and high sensitivity: can it work?
In Progress: HR trends in 2022