Ambassify operates within a strong compliance and governance framework. We align our security practices with applicable laws, validate them through regular audits, and continuously improve through structured management review.

Applicable Laws and Regulations

We monitor and comply with data protection and privacy laws relevant to our operations and customers.

  • GDPR (General Data Protection Regulation) - The primary framework governing how we process personal data of individuals in the European Union.
  • ePrivacy Directive (Cookie Law) - Governs the use of cookies and similar tracking technologies on our platform.
  • Belgian Law and Regulations - As a Belgian company, we comply with all applicable national data protection and business regulations.
  • nFADP (Swiss Federal Act on Data Protection) - We meet the requirements of Swiss data protection law for our Swiss customers.
  • Emerging Frameworks - We actively monitor developments in CCPA (California), PDPA (Singapore), and the EU AI Act to stay ahead of regulatory changes.

Internal Audits

We conduct regular internal audits to verify that our security controls work as intended.

  • Peer Review Methodology - Audits are performed using a peer review approach to ensure objectivity and thoroughness.
  • Annual Coverage - All ISMS policies and controls are audited at least once per year.
  • Finding Classification - Findings are classified as major non-conformity, minor non-conformity, or opportunity for improvement.
  • Remediation Tracking - All findings are tracked through to completion with clear ownership and deadlines.

Management Review

Senior leadership actively oversees the security program through structured reviews.

  • Annual ISMS Review - A comprehensive management review of the entire Information Security Management System takes place every year.
  • Review Scope - Reviews cover risk assessment results, audit findings, incident data, and overall compliance status.
  • Actionable Outputs - Each review produces updated policies, resource allocation decisions, and improvement priorities.

External Security Audit

Independent third parties validate our security posture annually.

  • Annual Penetration Test - An independent external party conducts a full penetration test and security audit every year.
  • Audit Results - Our latest audit overview is available for review: Download Audit Overview.
  • SSL Labs Rating - Our encryption configuration is rated A+ by SSL Labs: View SSL Labs Report.

Compliance Validation

We use multiple methods to verify ongoing compliance.

  • Automated Testing - Compliance is verified through automated testing, vulnerability scanning, and periodic spot checks.
  • ISO 27001:2022 Certification - We maintain our certification through regular surveillance audits by an accredited certification body.
  • Certificate - Download ISO 27001:2022 Certificate.