Security

Security, Privacy and Compliance

Your meeting minutes and tasks are safeguarded with industry-leading security. We store all your data in Switzerland, within ISO 27001 certified data centers, ensuring both safety and compliance. Our commitment is to provide a secure environment without compromising application performance or user experience.

SOC2 Type II
ISO27001
GDPR
nFADP
FINMA
Health Data Hosting

SOC2 Compliance

The SOC 2 Type II audit is an industry-recognized security certification for software-as-a-service (SaaS) companies. It validates that your data is secure, safe, and controlled with WEDO. The 6-month-long audit involved a thorough analysis of our controls, the tests we perform to assess their effectiveness, and the results of those tests. Learn more about SOC2 here.

ISO Certifications

ISO 27001:2013 is considered to be the highest international standard of information security as it relates to customer data. WEDO stores data only in ISO 27001:2013 certified data centers, ensuring that your data is safe and secure.

nFADP and GDPR Compliance

WEDO is compliant with the Swiss Federal Act on Data Protection (FADP) and the General Data Protection Regulation (GDPR). We are committed to protecting your data and ensuring that it is used in accordance with the law.

Data Center Security

WEDO customer data is hosted by Exoscale, which is ISO 27001 certified. Exoscale maintains an impressive list of reports, certifications, and third-party assessments such as ISO 9001:2008, PCI DSS 3.2, SOC-1 Type II and SOC-2 Type II. Exoscale data centers are secured with a variety of physical controls to prevent unauthorized access. More information on Exoscale data centers and their security controls can be found here.

Data Center Locations

Your data is safely stored in Swiss data centers located in Zurich and Geneva.

Hundreds of companies rely on WEDO to keep their data protected

Raiffeisen
AO Foundation
Groupe E Connect
HVS
Carouge
Police Lausanne
FPE CIGA
Hôpital Riviera-Chablais

Network and Infrastructure Security

WEDO’s infrastructure is hosted in a highly available, fully redundant, secured environment, with access restricted to operations support staff only. This allows us to leverage complete data and access segregation, firewall protection, and other security features. All WEDO web application communications are encrypted in transit with TLS 1.2, so they cannot be viewed by a third party; this is the same level of encryption used by banks and financial institutions. All data in WEDO is encrypted at rest using AES-256 encryption.

Firewall

Our firewall is designed to protect your data from unauthorized access.

Encryption

All data in WEDO is encrypted in transit using TLS 1.2 and at rest using AES-256 encryption.

Backup

We have multiple layers of backups: real-time replication, daily backups and point-in-time recovery. All backups are encrypted using AES-256.

Incident response

WEDO has an incident response plan in place that is reviewed yearly. This ensures that timely detection, mitigation and notification procedures are in place for any incident.

Disaster recovery

WEDO has both a business continuity and a disaster recovery plan to ensure our staff is ready to continue to serve customers even in the most unlikely of events.

Hardening

Our servers are hardened following CIS standards to protect against common threats and vulnerabilities.

Application Security

WEDO actively monitors ongoing security, performance and availability 24/7/365. We run automated security testing on an ongoing basis. We also contract a third party for penetration testing. The WEDO Security team will continue to do everything to keep your data safe and advise you about risks. Regarding privacy, you can view our full privacy policy here: Privacy Policy.

Two-factor Authentication

You can enable Two-factor Authentication (2FA) to add an extra layer of security to your account.

SAML SSO

A SAML 2.0 interface for Single Sign-On & Active Directory is available in WEDO.

RBAC access configuration

Role-based permissions via Admin Dashboard are available in WEDO.

High availability

WEDO is hosted on a highly available infrastructure monitored on our status page.

User Permissions and Roles in Product

WEDO allows you to configure user permissions and roles at multiple layers. By setting up different roles with different permissions you can ensure that your data is secure and accessible only to those who need it.

Software Development Practices and Security

At WEDO, we follow secure software development practices as outlined in our documented software development lifecycle. Every piece of code undergoes rigorous security-focused reviews, along with automated and manual testing, before being deployed to production. We maintain separate environments for development, staging, and production, ensuring that no production data is used in non-production environments. Our continuous integration (CI) pipeline runs a comprehensive suite of tests to guarantee that all code meets security and quality standards prior to deployment.

People Security

Employee Background Checks

All new employees at WEDO are required to undergo criminal background checks, debt registry verification, and reference checks prior to starting their employment.

Security Training

All WEDO employees are required to undergo security training annually. This training covers topics such as phishing, password security, and data handling.

Confidentiality and Privacy

All WEDO employees and service providers sign confidentiality and non-disclosure agreements to ensure confidentiality of all information collected on our systems. Furthermore, our customer support personnel will only access customer information for the purpose of troubleshooting, and only after asking those customers for permission. Such access is logged and monitored by internal security personnel.

Risk Management

WEDO takes risk management seriously and has put in place a risk management policy, associated plan and risk mitigation strategies. We ensure that a risk assessment is performed at least annually or when warranted based on changes that necessitate the activity.

Vulnerability Management

Endpoint Monitoring

WEDO utilizes a centralized endpoint security solution, and ensures that all devices are up to date, free of malware, and securely encrypted.

Vulnerability Scans

WEDO undergoes third-party vulnerability scans on every commit, ensuring that no vulnerabilities exist in our systems. Where such vulnerabilities are identified, they are remediated as soon as possible.

Static Code Scans

WEDO uses static code analysis tools for our backend systems and APIs as part of our CI/CD pipeline, ensuring no code is deployed without passing checks for potential vulnerabilities and anti-patterns.

Third Party Penetration Testing

WEDO commissions penetration tests from external security firms at least annually, ensuring that our software remains secure. Any potential vulnerabilities found are remediated in short order.
