Ambassify operates a formal Information Security Management System (ISMS) to protect your data and our platform. Our security program is built on internationally recognized standards and continuously improved to address evolving threats.

ISO 27001:2022 Certification

Ambassify is ISO 27001:2022 certified, demonstrating our commitment to information security best practices.

  • Certified ISMS: Our information security management system is formally aligned with the ISO 27001:2022 international standard
  • Independent Audit: Certification is maintained through regular external audits by an accredited certification body
  • Certificate: You can view our certificate here

Security Governance

Security is governed at the highest level within Ambassify and embedded across the organization.

  • ISMS Governance Council: A dedicated council oversees security strategy and ensures alignment with business objectives
  • Management Reviews: Regular management reviews assess the performance and effectiveness of the ISMS
  • Security Objectives: Objectives are set quarterly, tracked, and reported on to ensure measurable progress
  • Continuous Improvement: Findings from audits, incidents, and reviews feed into an ongoing improvement cycle

Roles and Responsibilities

Clear accountability is essential to effective information security.

  • Chief Information Security Officer (CISO): A dedicated CISO oversees the information security program and reports to senior management
  • Data Protection Officer (DPO): A DPO ensures compliance with data protection regulations
  • Separation of Duties: Security functions are clearly separated to reduce risk and ensure accountability
  • Shared Responsibility: Every employee at Ambassify has defined security responsibilities and is held accountable for following security policies

Infrastructure

Ambassify runs entirely in the cloud with no on-premises infrastructure.

  • EU-Based Hosting: All systems are hosted exclusively on Amazon Web Services (AWS) within the European Union (Frankfurt and Dublin regions)
  • No On-Premises Servers: There is no physical infrastructure managed by Ambassify
  • Physical Security: AWS data centers are protected by industry-leading physical security controls. Learn more about AWS physical security

Policy Framework

A comprehensive set of policies underpins our security program.

  • Full Coverage: Security policies cover all aspects of information security, from access control to incident response
  • Annual Review: All policies are reviewed at least once a year and updated as needed
  • Employee Acknowledgment: Every employee reads, acknowledges, and follows the applicable security policies

Continuous Improvement

We regularly assess and strengthen our security posture.

  • Internal Audits: Regular internal audits evaluate the effectiveness of security controls and processes
  • Non-Conformity Tracking: Any identified non-conformities are documented, tracked, and remediated promptly
  • Improvement Opportunities: We actively identify and act on opportunities to improve our security practices

Contact

If you have questions about our information security program, reach out to us at security@ambassify.com.