mpleo Information Security Management System
HRWeb is an organization where resilience and security are at the very heart of our business. We provide services to prestigious clients that require high availability and confidentiality of their information, as well as compliance with all applicable laws and regulations. Special attention has been devoted to The General Data Protection Regulation (GDPR) compliancy, as Data Privacy is becoming increasingly important, both for our customers and for their employees.
Therefore, a policy framework has been put in place to help minimize potential losses through protective technical and non-technical measures, appropriate to the risks involved and the sensitivity of goods and information to protect. It includes the protection against the risk of destruction, damage and loss of property, disclosure, alteration or destruction of information, whether internal or external to HRWeb, whether voluntary or involuntary on business processes and ICT systems.
HRWeb promotes the fact that a sound security is the result of a collective effort that requires the involvement of every employee (internal or external) who uses company information or computer systems. Every user knows the Code of Conduct and behaves accordingly.
Our Information Security Management System is ISO 27001 certified since December 2021 by Certi-trust, with the following scope:
The Information Security Management system (ISMS) of HRWEB concerns the provision of the MPLEO SAAS platform which supports the onboarding and end-to-end management (collection, treatment, storage, retention, deletion) of HRWEB customer data. The scope includes staff, IT assets, data centers and suppliers’ services under the responsibility of HRWeb that develop, support, maintain and host the MPLEO platform. In accordance with the Statement of Applicability, Version 1.0 of the 22/10/2021.
The Statement Of Applicability can be consulted on request to the HRWeb Support team.
From a customer perspective, HRWeb holds the responsibility of data processor, acting as supplier for its customers.
- An inventory of information objects (data types) and their retention periods.
- A code of conduct for the personnel.
- A form (integrated in the mpleo service), a procedure and a register to manage personal data violations and incidents.
- A procedure to communicate incidents to customers.
- A GDPR training plan for all employees.
- Data privacy agreements for all partners and subcontractors.
- A form and a register to collect and manage the requests from customers for when a data owner requests them to exercise his/her rights (right to be forgotten, right to correct data, right not to be subject to an automated decision, etc…).
- A process to ensure that privacy by design principle is applied to all new projects.
If you have any questions on mpleo security or data privacy aspects, feel free to contact us.
Plan a demo
- Online demo for
We will get back to you ASAP to confirm the day of the demo
Microsoft TeamsLink will be send to
There has been an error sending the form.