Excellence in Data Protection: TÜV certifies collectAI
The renowned technical inspection association TÜV Saarland has certified collectAI for its information security management system, thereby underlining compliance with the highest security standards in data protection.
collectAI officially fulfills the legal requirements for data protection, the data protection requirements catalog of TÜV Saarland, the principles of IT security according to the current state of the art, based on IT protection according to BSI, and the international standard for information security management systems, ISO/IEC 27001. The certificate is publicly available here.
“Our clients entrust their most sensitive data to us. The TÜV certification in the area of data protection and IT security confirms our commitment to the highest security standards and certifies that our clients’ data is reliably protected according to international standards,” explains Managing Director Sebastian Hoop.
Data Protection is part of our DNA
Working with sensitive data and applying Artificial Intelligence demand great responsibility. Therefore, collectAI has been guaranteeing comprehensive data protection on a technical and organizational level right from the start.
As an Otto Group company, collectAI operates within the framework of strict guidelines in the area of IT security and fulfills these beyond the legally required standards of the General Data Protection Regulation (GDPR).
How collectAI guarantees Data Protection and IT Security
collectAI stores data only on cloud servers that are located in Germany and have been certified according to ISO 27001. With strong RSA procedures, all data is encrypted during storage and transmission. collectAI has implemented central key management and 2-factor authentication for access to sensitive system areas and data.
Measures such as intrusion detection, logging of all activities and extensive physical security measures ensure a high level of security. Additionally, external experts conduct security penetration tests on a regular basis. In this way, the systems are always protected against unauthorized access.
How the TÜV checks Data Protection
To review data protection standards, the TÜV considers structural, organizational and technical requirements such as encryption, responsibility regulations, access regulation, purpose determination, password management, data processing processes, outsourcing and control mechanisms.
The basis for this is formed by laws such as the Federal Data Protection Act (BDSG), aspects of the BSI IT-Grundschutz catalog, parts of ISO 27001, TÜV-specific requirements as well as industry-specific laws and contractual regulations. Find more details here.