Part of Tim Deipenbrock’s job is to send out fraud emails to his colleagues. But of course Collenda’s Group Security and Quality Officer doesn’t want to lure anyone to dubious fraud sites. On the contrary, the aim is to teach colleagues not to click on dangerous links in external emails.
The precautionary measure is a small part of the Collenda quality offensive. Currently, our company is being certified according to ISAE 3402. The auditing standard certifies a holistic control system for various areas within a company. At Collenda, the software suite Open Credit 4.0, reporting, incident and change management, logical access management (role authorisations and internal processes) as well as general IT controls are examined. “Together with an external service provider, we have defined so-called controls that are checked,” says Tim Deipenbrock, who is responsible for all Collenda locations in Germany and the Netherlands.
Two levels of certification
In this way, Collenda does much more than just the compulsory task. There are two levels within the ISAE 3402 certification: Type I assesses the defined controls and makes an inventory; Type II also tests the effectiveness over a defined period of time. “We are certified according to Type II. In April, our controls are retrospectively checked by an auditor,” explains Tim Deipenbrock.
After the audit, a check is made once a year to see whether all rules are being observed. Collenda also attaches great importance to the security of its IT infrastructure. To ensure this, a so-called pentest (penetration test) is used to check whether it is possible to penetrate Collenda’s systems without authorisation. An external company is commissioned to flood the Collenda servers with spam or to hack into our systems.
Collenda has always invested extensively in its security architecture and has withstood all attacks to date. There is good reason for the security focus: according to the Federal Criminal Police Office, cyberattacks involving ransomware or malware, identity theft or so-called DDoS attacks are steadily increasing. DAX companies have recently been affected just as much as tax offices or industrial groups.
The cloud as a secure data fortress
Security aspects are also a reason why Collenda is increasingly orienting itself as a cloud company. Collenda is not alone in this stance. “Sixty-one per cent of security professionals believe the risk of a security breach in cloud environments is equal to or lower than in on-premises environments” – this is the result of a 2019 study by Nominet, the world’s leading domain name registrar. Some 300 UK and US C-level security professionals were surveyed as part of the study. Security departments could respond more quickly to threats in the cloud, instead of having to look for cyber threats and flaws in their own infrastructure. “It is key for us to ensure the best possible security for customer data in the cloud,” explains Collenda CEO Hartmut Wagner.
The certification process also covers whether Collenda’s cloud service provider complies with all controls. Tim Deipenbrock explains, “We made sure that our cloud provider is certified according to ISO 27001 and ISAE 3402 and can say that all security regulations are optimally adhered to.” Of course, compliance with all data protection regulations also plays an important role. In this respect, it goes without saying that the Collenda Cloud is operated in a data centre in Germany.