Next webinar | 10 key steps for WEDO editors
Security, Privacy and Compliance
Your meeting minutes and tasks are safeguarded with industry-leading security. We store all your data in Switzerland, within ISO 27001 certified data centers, ensuring both safety and compliance. Our commitment is to provide a secure environment without compromising application performance or user experience.
SOC2 Compliance
The SOC 2 Type II audit is an industry-recognized security certification for software-as-a-service (SaaS) companies. It validates that your data is secure, safe, and controlled with WEDO. The 6-month long audit involved a thorough analysis of our controls, the tests we perform to assess their effectiveness, and the results of those tests. Learn more about SOC2 here.
ISO Certifications
ISO 27001:2013 is considered to be the highest international standard of information security as it relates to customer data. WEDO stores data only in ISO 27001:2013 certified data centers, ensuring that your data is safe and secure.
nFADP and GDPR Compliance
WEDO is compliant with the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). We are committed to protecting your data and ensuring that it is used in accordance with the law.
Data Center Security
WEDO customer data is hosted by Exoscale, which is certified ISO 27001. Exoscale maintains an impressive list of reports, certifications, and third party assessments such as ISO 9001:2008, PCI DSS 3.2, SOC-1 Type II and SOC-2 Type II. Exoscale data centers are secured with a variety of physical controls to prevent unauthorized access. More information on Exoscale data centers and their security controls can be found here.
Data Center Locations
Your data is safely stored in Swiss data centers located in Zurich and Geneva.
Hundreds of companies rely on WEDO to keep their data protected
Network and Infrastructure Security
WEDO’s infrastructure is hosted in a high-available, fully redundant, secured environment, with access restricted to operations support staff only. This allows us to leverage complete data and access segregation, firewall protection, and other security features. All WEDO web application communications are encrypted over TLS 1.2, which cannot be viewed by a third party and is the same level of encryption used by banks and financial institutions. All data in WEDO is encrypted at rest using AES-256 encryption.
- Firewall
- Our firewall is designed to protect your data from unauthorized access.
- Encryption
- All data in WEDO is encrypted in transit using TLS 1.2 and at rest using AES-256 encryption.
- Backup
- We have multi layers of backups with: real-time replication, daily backups and point-in-time recovery. All backups are encrypted using AES-256.
- Incident response
- WEDO has an incident response plan in place that is reviewed yearly. This ensures timely detection, mitigation and notification procedures for any incidents in place.
- Disaster recovery
- WEDO has a both a business continuity and a disaster recovery plan to ensure our staff is ready to continue to serve customers even in the most unlikely of events.
- Hardening
- Our servers are hardened following CIS standards to protect against common threats and vulnerabilities.
Application Security
WEDO actively monitors ongoing security, performance and availability 24/7/365. We run automated security testing on an ongoing basis. We also contract a third party for penetration testing. WEDO Security team will continue to do everything to keep your data safe and advise you about risks. Regarding privacy, you can view our full privacy policy here: Privacy Policy.
- Two-factor Authentication
- You can enable Two-factor Authentication (2FA) to add an extra layer of security to your account.
- SAML SSO
- A SAML 2.0 interface for Single Sign-On & Active Directory is available in WEDO
- RBAC access configuration
- Role-based permissions via Admin Dashboard are available in WEDO.
- High availability
- WEDO is hosted on a highly available infrastructure monitored on our status page.
User Permissions and Roles in Product
WEDO allows you to configure user permissions and roles at multiple layers. By setting up different roles with different permissions you can ensure that your data is secure and accessible only to those who need it.
Software Development Practices and Security
At WEDO, we follow secure software development practices as outlined in our documented software development lifecycle. Every piece of code undergoes rigorous security-focused reviews, along with automated and manual testing, before being deployed to production. We maintain separate environments for development, staging, and production, ensuring that no production data is used in non-production environments. Our continuous integration (CI) pipeline runs a comprehensive suite of tests to guarantee that all code meets security and quality standards prior to deployment.
People Security
Employee Background Checks
All new employees at WEDO are required to undergo criminal background checks, debt registry verification, and reference checks prior to starting their employment.
Security Training
All WEDO employees are required to undergo security training annually. This training covers topics such as phishing, password security, and data handling.
Confidentiality and Privacy
All WEDO employees and service providers sign confidentiality and non-disclosure agreements to ensure confidentiality of all information collected on our systems. Furthermore, our customer support personnel will only access customer information for the purpose of troubleshooting upon asking for permission from said customers. Such access is logged and is monitored by internal security personnel.
Risk Management
WEDO takes risk management seriously and has put in place a risk management policy, associated plan and risk mitigation strategies. We ensure that a risk assessment is performed at least annually or when warranted based on changes that necessitate the activity.
Vulnerability Management
Endpoint Monitoring
WEDO utilizes a centralized endpoint security solution, and ensures that all devices are up to date, clean from malware, and securely encrypted.
Vulnerability Scans
WEDO undergoes third party vulnerability scans on every commit, ensuring that no vulnerabilities exist in our systems. Where such vulnerabilities are identified they are remediated as soon as possible.
Static Code Scans
WEDO uses static code analysis tools for our backend systems and APIs as part of our CI/CD pipeline, ensuring no code is deployed without passing checks for potential vulnerabilities and anti-patterns.
Third Party Penetration Testing
WEDO commissions penetration tests from external security firms at least annually, ensuring that our software remains secure. Any potential vulnerabilities found are remediated in short order.
Latest articles
Frequently asked questions
Learn more about how we treat privacy.Privacy Policy