Bizzdesign Alfabet - Trust Center

Welcome to your central repository for security, privacy, and compliance documentation, where you'll find transparent access to the authoritative documents that underscore our unwavering commitment to safeguarding sensitive data, maintaining operational resilience, and upholding the highest standards of corporate responsibility across all facets of our business activities.

• Information security
• Business continuity
• Quality Management
• Data Protection

Information security

Information Security Management System

The ISO/IEC 27000 standards series is a widely recognized set of international security standards that specifies security management best practices and comprehensive security controls. The foundation of this certification is the development and implementation of an Information Security Management System (ISMS).

We define our approach to managing security for cloud services in a holistic, comprehensive manner and provides a suite of information security measures to:

• Protect cloud information assets from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction
• Proactively identify security risks, prevent, detect, and respond to security breaches and violations
• Comply with legal, regulatory, and contractual requirements
• Adopt an overarching management process to ensure information security controls meet information security needs on an ongoing basis

The independent third-party auditor assessment, which validates compliance with the ISO/IEC 27001 standard, provides evidence that Alfabet is in accordance with industry-leading best practices.

Alfabet holds ISO/IEC 27001 certification, which we acquired as part of Software GmbH. Following the acquisition by Bizzdesign, we are working on renewing the certification, which will also be accessible here.

See certificates:

• ISO 27001 Information Management System Certificate
• ISO 27017:2015 and ISO 27018:2019 Certificate

Service Organization Controls (SOC)

SOC reports are independent third-party examination reports that demonstrate how Alfabet achieves key compliance controls and objectives. The purpose of these reports is to help you understand Alfabet controls established to support operations and compliance. SOC 3 reports are public reports that provide a high-level overview of an organization's controls and security risks and a summary of the SOC 2 reports.

Alfabet holds SOC 2 certification, which we acquired as part of Software GmbH. Following the acquisition by Bizzdesign, we are working on renewing the certification, which will also be accessible here:

• SOC 3 Certificate
• SOC 2 Certificate: To obtain a copy of this certificate, please contact your CRM representative or the Alfabet CTO.

Business continuity

Our ISO 22301-certified Business Continuity Management System incorporates our best-practice governance processes and incident response teams. This assures critical systems are available for our customers so they can meet their compliance requirements. Customers get the services they need, quickly and effectively, even in a crisis situation. We continually align our Business Continuity Management System to changing requirements, review it regularly and improve continuously its efficiency.

Alfabet holds ISO 22301 certification, which we acquired as part of Software GmbH. Following the acquisition by Bizzdesign, we are working on renewing the certification, which will also be accessible here.

• ISO 22301 Certificate

Quality Management

Our ISO 9001 certification is foundational for assuring high customer satisfaction, delivering the best-quality services and software as well as making continuous improvements. As part of our Quality Management system (QMS), it describes the processes, roles and rules that guide the daily work of every employee and how critical assets are secured. This framework:

• Assures compliance with laws and regulations on quality, safety and performance
• Safeguards our ability to support our customers
• Clearly defines transparent processes
• Enables a continuous stream of innovation in an agile development environment
• Builds in feedback to assure we supply quality software that creates a competitive advantage for our customers

Alfabet holds ISO 9001 certification, which we acquired as part of Software GmbH. Following the acquisition by Bizzdesign, we are working on renewing the certification, which will also be accessible here.

• ISO 9001 Certificate

Data Protection

Alfabet products have been analyzed in respect to their functionality of processing personal data regarding the applicable data protection principles. For future functionalities, a release task to check for data protection compliance has been integrated into the product release cycle.

We have defined clear processes for relevant data protection aspects:

• Handle Data Subject Requests
• Handle Data Breach
• Review DPA (Data Processing Agreement)
• Data Privacy Impact Assessment Necessity Check
• Data Privacy Impact Assessment (DPIA)
• Data Breach and Risk Assessment
• Transfer Impact Assessment (TIA)

When processing personal data on behalf of our customers (data controllers) or when access to personal data cannot be ruled out in line with service provision following aspects are covered:

•    Customer’s instructions: Alfabet processes personal data only as instructed by the customer and in compliance with data protection law applicable to the customer.
• Sub-processors: Our mission is to provide for high support services availability. This requires Alfabet to include its affiliates all around the world as well as carefully selected external service providers into its support process. These organizations act as sub-processors to our customers. Also, for providing cloud and consulting services, sub-processors are used to provide the highest possible standard of quality, performance and flexibility to our customers.
• Data transfer: As mentioned above, for service provision, a transfer of personal data to external service providers is occasionally necessary. For any data transfers from EEA to countries without an adequate level of data protection, EU Standard Contractual Clauses are in place. This ensures the necessary safeguards to protect customers’ personal data in accordance with data protection regulations.
• Data subject requests: Alfabet’s customers as the data controllers might be required due to applicable data protection law to provide information upon a data subject’s request. To the extent the request was addressed to Alfabet by a data subject directly, we will notify the respective customer and will respond to the data subject in accordance with the customer’s instructions. Additionally, we will support our customers using appropriate technical and organizational measures to respond to data subjects’ requests themselves.
• Data breach notification: In case of a data breach, Alfabet’s customers as the data controllers might be obliged to fulfill certain notification obligations towards the affected data subjects and / or the supervisory authority. Alfabet will inform its customers without undue delay in case we have documented reason to believe that a data breach at Alfabet or our sub-processors has occurred.

All our processes regarding data protection are subject to regular external audits in line with ISO 9001 certification.

Alfabet holds ISO 9001 certification, which we acquired as part of Software GmbH. Following the acquisition by Bizzdesign, we are working on renewing the certification, which will also be accessible here.

• ISO 9001 Certificate

Data Protection Officer:

Jean-Michel Chouteau
9, avenue René Coty
75014 Paris
Phone: +33 6 76 24 44 66