As a cloud solution provider the issue of security for POOL4TOOL has the highest priority. The company as well our solutions are certified according to official standards by independent insitutions. These are evidence of our strong commitment to the highest safety and quality standards.
In addition to our proven security by renowned institutions (Safe Harbor, ISO) and our regular internal audits, we are constantly working on increasing the system security from POOL4TOOL to protect your data. No other SRM provider on the market meets our high, voluntary safety standards.
U.S.-EU Safe Harbor Framework
In 2014 the company earned the U.S.-EU Safe Harbor Certification. This certification upholds the rigorous European Union data standards for companies operating in the United States. All data must be treated with the highest security standards. The certification is renewed every 12 months after the initial certification.
In 2007, we first introduced a Information Security Management System (ISMS) and received the ISO 27001 certification by the Certification & Information Security Services GmbH (CIS). The ISO 27001 certification is reviewed and renewed annually as part of a revision audit. Recently POOL4TOOL was re-certified according to ISO 27001:2005 standards.
Many of our customers - especially international corporations - have their own safety standards. Therefore, our processes and systems are reviewed regularly by our customers, including multi-day security audits after SOX criteria and simulation of black-box attacks and penetration tests by outside security companies.
POOL4TOOL Supplier Self-Services Rel. 1.1 has been certified by SAP. Thur, our company is an official ISV Partner (Independent Software Vendor) of SAP. The solution is based on the latest SAP standards, can be fully integrated in the SAP Enterprise Portal and therefore can bear the logo "Powered by SAP NetWeaver."
The Highest Data and System Security Standards
For your peace of mind and for a secure exchange of information, we provide you with a special level of system security. A custom configuration of the system for buyers and also for suppliers ensures that all communication and data transfer takes place safely.
Access to the system is only possible with a token (YubiKey or Mobile TAN), or additionally you can add IP address restrictions. We take care of the token distribution to your suppliers. Although POOL4TOOL is a SaaS solution, internal access is only possible from the internal network or with VPN.
The login behavior of each user is evaluated according to safety relevant aspects. Deviations from regular behavior will be automatically recognized by the system and start an escalation process.
In order to uncover potential vulnerabilities and then remove them, POOL4TOOL High Secure provides a sophisticated security audit tool. This allows automated system queries and gives information about potential vulnerabilities.