Made in Germany & Switzerland
The flag of GermanyThe flag of Switzerland
jacando logo
The road to ISO 27001

Security and
Compliance at jacando

Security is at the heart of what we do - we help our customers improve their security and compliance, starting with ourselves.

Alexander Pelka
Alexander Pelka
Co - Chief Executive Officer
double quote

At jacando we firmly believe that security isn't just a feature; it's our foundation. Our commitment to robust security measures isn't just about protecting data; it's about safeguarding trust.

Compliance @jacando via Vanta

Ensuring the protection of our customer-related data is of utmost importance for our company. It is crucial that we ensure all information collected about our customers is used only for the necessary purposes.

Infrastructure security
Organizational security
Internal security procedures
Product security
Compliance @jacando via Vanta

Google Cloud Security

The security of Google Cloud is an integral part of the services that Google offers to its customers.

Cloud Security

Insight into jacando’s security
poilicies – Information handling

All information assets must be classified according to their sensitivity level. Employees are responsible for handling and protecting information according to its classification. It is important to ensure that appropriate measures are taken to maintain confidentiality, integrity and availability.

Purpose Limitation

Customer-related data may only be used for the defined and necessary business purposes. Any usage not directly related to operational requirements is strictly prohibited.

Local Storage and Usage

Local storage and usage of customer data on personal devices or local servers are generally prohibited. All data must be stored and processed on the designated and secure company systems.

Dissemination & Sharing

The dissemination or sharing of customer data with external parties is strictly prohibited unless explicit approval is granted by the customer.

Exceptional Cases and Approval

In specific situations, local storage of customer data may be required, but prior approval from Timo Zimmermann or Alexander Pelka is essential. Unauthorized actions will be deemed policy violations.

Security and

Each employee is obligated to take security measures to protect customer-related data from unauthorized access or loss. It is the responsibility of each one to ensure compliance and protection.

Compliance duty

Failure to adhere to these guidelines may result in disciplinary measures and legal repercussions. We urge every individual to responsibly manage customer data and promptly report any uncertainties or concerns to management.

Our path to ISO 27001 certification

Our path to ISO 27001 certification

The implementation of an information security management system (ISMS) in accordance with the ISO 27001 standard comprises several steps, which are roughly outlined below:

Last updated on 07.05.2024


Defining preparation and responsibilities

Development of measures to deal with the identified risks. This can include the implementation of security controls, processes and guidelines.


Carry out initial analysis

Assessment of the current status of information security in the company. This includes the identification of assets, threats, vulnerabilities and risks.


Definition of the scope of application

Definition of the scope of application of the ISMS, i.e. which parts of the company and which information is to be covered.


Carry out risk assessment

Identification and assessment of risks in connection with the company's information and information systems of the company. This includes the definition of risk assessment criteria and the prioritization of risks.

Definition of risk assessment criteria

Prioritization of risks


Plan risk treatment

Development of measures to deal with the identified risks. This can include the implementation of security controls, processes and guidelines.


Documentation and implementation of controls

Creation of documents such as guidelines, procedural instructions and controls that fulfill the security requirements of ISO 27001. These controls should aim to mitigate the identified risks.

Documentation Security
ISO 27001 Compliance
Risk Mitigation
Security Documentation

Carry out internal audits

Conduct internal audits to ensure that the ISMS meets the requirements of the ISO 27001 standard and functions effectively.


Conduct management review

Regular assessment of the ISMS by management to ensure that it is appropriately implemented and effective. This includes reviewing key performance indicators and identifying opportunities for improvement.

Review of KPIs

Identification of opportunities for improvement


Certification preparation

Preparation for certification by an accredited certification body. This can include a comprehensive review of the ISMS and documentation of conformity with the ISO 27001 standard.


Obtaining and maintaining certification

Carrying out the certification audits by an external certification body and obtaining ISO 27001 certification. The ISMS must be continuously monitored and improved in order to maintain certification.

Safety @jacando

"Security by Design" is an approach that aims to integrate security aspects into the development process of products and systems, rather than treating them as an afterthought. This approach aims to ensure that security considerations are taken into account from the outset in all phases of product development.

Risk assessment

Identification of potential security risks and threats at an early stage of product development. This makes it possible to plan and implement appropriate security measures to mitigate these risks.

Security architecture

Safety requirements

Security checks

Training and awareness

Safety @jacando
Questions & Answers

FAQ on the topic of security & compliance

If you have any questions about the security of jacando, you can contact us or your administrators at any time for further information and to ensure that your data is adequately protected.

How secure is our data in a cloud HR tool?

jacando has implemented strict security measures to ensure the confidentiality, integrity and availability of your data. These include encryption technologies, access controls, regular security audits and compliance with industry standards such as ISO 27001.

Who has access to our HR data in the cloud?
How is data security guaranteed in a cloud HR tool?
What measures are taken to comply with data protection regulations?

Maximum security in the Google Cloud

The security of Google Cloud is an integral part of the services that Google offers to its customers.

Maximum security
in the Google Cloud

Privacy & Security 
in our Blog

Google Cloud Security - Maximum security and data protection compliance
Security and Compliance
Google Cloud Security - Maximum security and data protection compliance

Read how Google Cloud protects your data and meets all compliance requirements.

A small round picture of the author Alexander Pelka
Alexander Pelka
Request demo
Experience software free of charge

Leave your contact details and look forward to a personal 45-minute demo via video conference with our experts and learn how you can benefit from jacando.

You can see a users cursor on the sleek jacando interface
We will support you!
Number of employees *
Fields of interests
We have received your request and will get back to you as soon as possible.

abstract visualisation of a toggleabstract visualisation of a toggle
Stay in the loop

Always informed about new topics & functions with the jacando newsletter