Technical and Organizational Data Protection Measures
Last updated: February 4, 2026
STAEDEAN has implemented essential safeguards, combining technology, best practices and processes, to protect personal data from loss, unauthorized access, or misuse, ensuring its confidentiality, integrity, and availability as required by data protection regulations.
STAEDEAN has obtained an ISO/IEC 27001:2022 certification for its Information Security Management System (ISMS).
Organizational controls and measures: these are foundational policies, procedures, and governance structures that define how an organization manages information security, covering areas like defining roles, risk assessments, information classification, supplier management, legal compliance, and security awareness, acting as the bedrock for other controls (people, physical, technological) within an Information Security Management System (ISMS).
- Policies for information security, Information security roles and responsibilities
- Management responsibilities
- Contact with authorities, Contact with special interest groups
- Threat intelligence
- Information security in project management
- Inventory of information and other associated assets, Acceptable use of information and other associated assets
- Return of assets
- Classification of information and Labelling of information
- Information transfer
- Segregation of duties, Access control, Identity management, Authentication information, Access rights
- Information security in supplier relationships, Addressing information security within supplier agreements, Managing information security in the ICT supply chain, Monitoring, review and change management of supplier services, Information security for use of cloud services
- Assessment and decision on information security events
- Information security incident management planning and preparation, Response to information security incidents, Information security during disruption
- ICT readiness for business continuity
- Protection of records, Privacy and protection of personal data
- Independent review of information security
- Compliance with policies, rules and standards for information security, Documented operating procedures
People controls and measures: these manage the human element of information security, focusing on employee awareness, responsibilities, and behavior.
- Screening
- Terms and conditions of employment, Responsibilities after termination or change of employment
- Information security awareness, education and training
- Disciplinary process
- Confidentiality or non-disclosure agreements
- Information security event reporting
Physical controls and measures: these are measures to protect physical premises, equipment, and information from threats like unauthorized access, damage, or interference, covering perimeters, entry, monitoring, secure areas, equipment security (siting, maintenance, disposal), and environmental safeguards (power, fire suppression).
- Physical security perimeters, Physical entry, Securing offices, rooms and facilities, Physical security monitoring, Protecting against physical and environmental threats
- Working in secure areas, Clear desk and clear screen, Equipment siting and protection
- Security of assets off-premises
- Storage media management
- Cabling security
- Equipment maintenance, Secure disposal or re-use of equipment
Technological controls and measures: these are technical safeguards that protect information systems, networks, and data, ensuring confidentiality, integrity, and availability (CIA), aiming to prevent cyber threats and unauthorized access.
- Privileged access rights, Use of privileged utility programs
- Information access restriction, Access to source code and Secure authentication
- User endpoint protection, Protection against malware
- Capacity management
- Management of technical vulnerabilities, Configuration management
- Information deletion, Data leakage prevention
- Information backup
- Redundancy of information processing facilities
- Logging, Monitoring activities
- Installation of software on operational systems
- Networks security, Security of network services, Segregation of networks
- Web filtering
- Use of cryptography
- Secure development life cycle, Application security requirements, Outsourced development
- Secure system architecture and engineering principles, Secure coding, Security testing in development and acceptance, Test information, Protection of information systems during audit testing
- Separation of development, test and production environments
- Change management