Trust Center
Welcome to the rexx Trust Centre. Your security and trust are our top priority. As an ISO 27001:2022 certified software company, we do everything we can to protect your data and offer you the best security standards. Our commitment to data security is not only a legal responsibility, but also a central part of our commitment to excellent customer service.
All important documents
Infrastructure
Test Policy
Risk Profile
Infrastructure Test Policy
These reports document the results of penetration tests that are carried out to uncover vulnerabilities in the IT infrastructure.
Penetration Test Reports
These reports contain the analysis of tests carried out on the entire IT infrastructure to guarantee its security and robustness.
Penetration
Test Reports
Risk Profile
Infrastructure Test Policy
These reports document the results of penetration tests that are carried out to uncover vulnerabilities in the IT infrastructure.
Penetration Test Reports
These reports contain the analysis of tests carried out on the entire IT infrastructure to guarantee its security and robustness.
Data Backup
Concept
Data Security &
Protection of Personal Data
Data Backup Concept
This policy defines how regular backups are created and how the backed-up data is protected and stored.
ISO 27001:2022 Certificate
This policy describes how data is categorised according to its sensitivity and importance and protected accordingly.
Data Encryption Policy
This policy determines how and when data must be encrypted in order to be protected against unauthorised access.
ISO 27001:2022
Certificate
Data Security &
Protection of Personal Data
Data Backup Concept
This policy defines how regular backups are created and how the backed-up data is protected and stored.
ISO 27001:2022 Certificate
This policy describes how data is categorised according to its sensitivity and importance and protected accordingly.
Data Encryption Policy
This policy determines how and when data must be encrypted in order to be protected against unauthorised access.
Data Encryption
Policy
Data Security &
Protection of Personal Data
Data Backup Concept
This policy defines how regular backups are created and how the backed-up data is protected and stored.
ISO 27001:2022 Certificate
This policy describes how data is categorised according to its sensitivity and importance and protected accordingly.
Data Encryption Policy
This policy determines how and when data must be encrypted in order to be protected against unauthorised access.
TOM
(Technical and Organisational Measures)
Access Controls
TOM (Technical and organisational measures)
This guideline regulates the requirements for passwords, such as complexity, length and the frequency with which they must be changed in order to protect access to sensitive data.
Business Continuity
Policy
Risk Management
Business Continuity Policy
This guideline ensures that the company is quickly operational again in the event of unexpected disruptions.
Information Security Policy
This policy defines measures to ensure the confidentiality, integrity and availability of information within the company.
Information Security
Policy
Risk Management
Business Continuity Policy
This guideline ensures that the company is quickly operational again in the event of unexpected disruptions.
Information Security Policy
This policy defines measures to ensure the confidentiality, integrity and availability of information within the company.
General Incident Response
Policy
Incident Management
General Incident Response Policy
This policy defines how the company should respond to security incidents in order to minimise damage.
Environmental standards
This guideline describes the steps for restoring systems and data after a security incident.
Environmental
Standards
Incident Management
General Incident Response Policy
This policy defines how the company should respond to security incidents in order to minimise damage.
Environmental Standards
This guideline describes the steps for restoring systems and data after a security incident.
Data Security &
Protection of personal data
- ISO 27001:2022 Certificate
- Data Backup Concept
- Data deletion
- Encryption Policy
- Encryption-at-rest
- Encryption-in-transit
- Physical data security
Safety measures
- Employee training
- 24/7 Security Operation Center (SOC)
- Endpoint Detection and Response (EDR)
- Physical, virtual and logical separation of data & applications
- Credential Management
- Compliance & Whistleblowing
Risk management
- Employee training
- Monitoring of critical infrastructure through 24/7 monitoring
- Business Continuity Policy
- Information Security Policy
Quality management
- Employee training
- Automated & manual quality controls
- Process optimisation
- Customer satisfaction
- Certifications and audits
Risk profile
We carry out automated and manual internal penetration, infrastructure and vulnerability tests. In addition, we have our security checked several times a year by external service providers such as noris network, PlusServer, secuvera and secunet.
- Infrastructure Test Reports
- Vulnerability management
- Patch Management
- Infrastructure Test Policy
Incident management
Active operation of incident management as part of ISO 27001:2022.
- Employee training
- General Incident Response Policy
- Environmental Standards
Access controls
- Strict monitoring of data access
- Comprehensive logging of transactions & accesses
-
TOM
(Technical and organisational measures)
Server status
We continuously monitor both the performance and functionality of our servers to ensure that all central applications are running optimally. Under the following link you can view an overview of the current status of our most important services at any time and thus always stay informed.
Certifications
ISO 27001:2022
We are certified according to the latest standards and our auditor is TÜV Nord, which guarantees the highest quality and reliability.
Top 100 Innovator
We are one of the most innovative companies in our industry and are constantly setting new standards in software development.
Family-friendly company
rexx systems has been awarded the Hamburg Family Seal of Approval for special family friendliness.
Technology Fast 50 Award
rexx systems was honoured with the Deloitte Technology Fast 50 Award for strong growth and pioneering software solutions.
Extract from our partners
Our partners are carefully selected and must fulfil our high standards. We mainly work with renowned German service providers to ensure the highest quality and safety.
You can find more detailed information about our partners here:
Additional resources
For further information, we offer a variety of documents and whitepapers for you to download. These resources will give you deeper insights into our security practices and help you make informed decisions.
Request access to detailed security reports and guidelines to support your security reviews.
Updates and developments
We do not stand still. Our team is constantly working to improve our security measures. We regularly inform you about new developments and updates so that you always benefit from the latest security standards.
Compliance
Compliance is of central importance to us, as adherence to legal regulations forms the basis for our responsible behaviour. It not only protects our company, but also our customers and partners. Through strict controls and regular adjustments to our guidelines, we ensure that we fulfil all legal requirements and meet the highest standards.
Security and data protection team
If you have any security-related questions or incidents, we are always at your disposal. Contact our dedicated security and data protection team via our contact form or use the rexx whistleblowing system.
Legal Notices
We know that data protection is crucial for the trust of our customers. That’s why we have implemented strict data protection guidelines to ensure that your data is always treated securely and confidentially.
rexx systems logo for download
Do you need the rexx systems logos for your presentation documents?
You are welcome to download our logos here.