WhistleB Trust Centre
At NAVEX WhistleB, we prioritize data privacy and protecting our customers. Our data centers are located within the EU, using customer-controlled encryption to ensure sensitive data remains secure. The storage of customer data is also compliant with the General Data Protection Regulation (GDPR).
Advanced data privacy and security settings
Prioritized data protection
Protecting sensitive data is vital for our customers – and it’s at the heart of all NAVEX WhistleB functions. By default and design, security is embedded within the system, protecting organizations across Europe and the world and ensuring their confidential data remains confidential.
How we protect data
- Secure multi-factor authentication
- Intrusion detection and prevention
- Data encryption in transmission and storage
- Activity logs by case and by users
- Redundancy of data to prevent loss
A flexible, reliable service platform
Secure data storage
We use Microsoft Azure as our hosting and development platform service, which gives us the most comprehensive compliance offerings, certifications and 24/7/365 operation.
These platform services have data center security measures to protect against power failure, physical intrusion and network outages.
Certifications
Microsoft Azure has a broad range of certifications and is committed to their annual renewal. Their certifications include:
- ISO 27001 – the international standard for information security management
- ISO 27018 – the international standard for protecting personal data in the cloud
- Cloud Security Alliance
You can access Microsoft Azure’s security management and compliance statements through the Microsoft Trust Center.
Commitment to legal compliance globally
Legal compliance
NAVEX WhistleB operates and complies with current data protection laws in 150 countries, including the EU Global Data Protection Regulation (GDPR) and the EU Whistleblower Protection Directive.
How we meet essential GDPR requirements
Data is stored in the EU with customer-controlled encryption, so NAVEX and its suppliers are unable to access sensitive customer data.
Microsoft Translator is included in the NAVEX WhistleB case management tool. Text submitted through the safe machine translation function is not stored or written to persistent storage; the functionality of Microsoft Translator is GDPR compliant.
Adherence to ISO 27001
NAVEX WhistleB Information Security Management System
Our Information Security Management System (ISMS) complies with ISO/IEC 27001:2017. It ensures information security and personal data management are considered throughout the service lifecycle.
Information security
The ISMS governs NAVEX WhistleB’s internal processes and our relationships with customers, partners and suppliers, helping us ensure customer data confidentiality, integrity and availability.