Exact takes information security, including personal data related security, very seriously. Therefore, we have installed dedicated operational processes to manage information security, appointed dedicated security staff and installed an internal reporting mechanism to facilitate proper decision making in case of incidents.
Obviously, we are committed to comply to all relevant legislation, such as the Dutch Data Protection Act. A key mechanism in managing information security is our compliance committee, in which we monitor security processes and discuss security incidents, after being detected and analyzed by our corporate information security officer. The compliance committee is chaired by the CFO.
We are convinced that transparency on the quality of service we deliver is key to keep the trust of our customers. Therefore, we have chosen to voluntarily publish important security incidents we have encountered. In our vision security incidents can and will happen occasionally. Key in this context is how often they occur and especially how you deal with them.
This section lists the three most recent cases that have been discussed in the compliance committee. These are cases that we assessed as being important, or incidents for which we didn’t yet know how to classify them, since we never encountered them before. The cases have been anonymized, but they provide an insight in which type of incidents has occurred, the severity and the actions taken. We trust this section shows that we take security and data privacy very seriously and strive to be exemplary in this field as well.