Information Security at PinMeTo

The safety of our customers' data is central to everything we do at PinMeTo. As a leader in the Local Marketing and search technology market, with offices in 5 countries, ensuring seamless and secure information flow is crucial for us. This is why we've put in place a comprehensive Information Security Management System (ISMS) - a blueprint backed by our executive leadership that defines our data protection strategy across all touchpoints.

We Are ISO 27001 Certified

ISO/IEC 27001:2022 is one of the most widely recognised and internationally accepted information security frameworks developed by the International Standard Organisation (ISO) that assists organizations in being risk-aware as well as identify and address their security gaps.

In the Location Marketing field, PinMeTo is the first company to achieve the title which includes not only the PinMeTo products but also our global offices, processes, and all operations. Our ISO Certification for data security serves as a guideline for PinMeTo’s information security management systems (ISMS) supporting our Development, Sales, Support, and platform’s delivery.

What ISO 27001 Means For Our Customers’ Data Security

Whether it's electronic data, physical documentation, or data entrusted to third-party suppliers, our compliance to ISO 27001 principles ensures a holistic protection of our customers’ data.

Confidentiality involves all our efforts to make sure that the data is kept secret. To accomplish this, all the accesses to information are controlled in order to prevent the unauthorised sharing of data—whether intentional or accidental. Our customers can rest assured that their data will be confidential and will be secured in line with the globally recognised best practices.
Integrity is making sure our customers data is trustworthy, complete, and have not been accidentally altered or modified by an unauthorised user or body. It also ensures that when an unauthorised person makes a change that not have should been made, the damage can be reversed.
Availability: Our Product and all relevant data are constantly in a state of availability. Our customer can rest assured that we have the best processes and controls to make all the data available for our them whenever they need to use it.

Additional Security Measures at PinMeTo

Personal Data & GDPR Compliance

Protection of our customers’ personally identifiable information (PII) remains a top priority. We've institutionalised processes aligning with the General Data Protection Regulations (GDPR). All employees, external partners, and service providers have received training on our GDPR-compliant practices.

Secure User Access with SSO

While we prioritise top-notch security, we are also mindful of platform performance and user experience. To further streamline and secure user access, we've integrated SAML and SSO. Our users enjoy a smooth login experience, while our systems ensure that security parameters are never compromised.

Asset Management

All assets – data, software, and hardware – are classified based on their criticality, with designated owners responsible for their protection. This systematic approach is in line with our Data Management and Classification Policy and goes in line with the ISO 27001 security protocols.

Continuous Security Enhancement

Beyond ISO Certification for Data Security, we’ve made security a part of our daily operations, ensuring that every part of our company is always focused on assessing risks and strengthening our defence.

Internal Audits

A structured program mandates at least two internal audits annually, maintaining our ISMS's effectiveness.

Monthly Risk Review

All ISMS-related risks are examined and monitored on a regular basis. Identifying and evaluating potential risks, rating the likelihood of an attack, and estimating the effect of a security breach are all part of our comprehensive risk-based strategy. This data is then used to prioritise our cybersecurity activities and make informed decisions about security policies, procedures, and controls.

Infrastructure Security

We undertake regular penetration tests of our Cloud Infrastructure. Additionally, continuous monitoring ensures adherence to best security practices and timely threat detection.

Security Policies

We have developed and implemented comprehensive information security policies and procedures that cover all aspects and requirements of the ISO 27001:2022 International Standard. These policies are aligned with the organisation’s business and information security objectives, core stakeholders requirements and risk assessment results. All the documents are regularly monitored and kept up to date.

Incident Management

We have an incident response plan to handle security incidents effectively. The Incident Management Producers include steps for reporting, assessing the severity, and mitigating security breaches. We also have Data Breach Severity Assessment Procedures in place to monitor all incidents and possible data breaches in accordance with the criteria outlined in GDPR Article 33.

Business Continuity

We have extensive business continuity procedures in place to ensure that important processes and information are not disrupted or destroyed in the event of a disruption or disaster. All BCP scenarios are subject to ongoing monitoring and exercises to ensure that our core business operations are not impacted by any unforeseen situation.

Security Culture

PinMeTo defines security culture as the set of values, beliefs, and norms that influence security-related activity within an organisation. PinMeTo employees are committed to our information security culture, adhering to all security best practises and contributing to our powerful collective approach. Annual employee training sessions are conducted, with specialised training modules for roles having specific security responsibilities.

Top Management Review

Semi-annual meetings focusing on information security ensure continuous alignment with evolving threats and strategies. Our Information Security Officer holds regular discussions with the CTO, CFO, and CEO, evaluating potential threats and refining our mitigation strategies.

Compliance

We make certain that our Information Security Management System complies with all applicable legal and regulatory standards. To demonstrate compliance, we maintain our documentation up to date.