============================================================ TITLE: Trust Center | ecos systems TYPE: article VERSION: 1 VERSION_ID: c1903599-955f-4a60-82ac-730d2cb5d2df GENERATED_AT: 2026-07-06T20:40:52.351Z SUMMARY: ecos prioritizes IT security and data protection, ensuring compliance with GDPR and ISO standards while providing robust measures to safeguard your data. READING TIME: 11 min WORD COUNT: 2066 KEYWORDS: Trust Center, ecos systems, ecos Trust Center, IT Security, Data Protection SOURCE URL: https://www.ecos-systems.com/trust-center ============================================================ KEY TAKEAWAYS: * IT Security * Data Protection * Compliance ecos Trust Center We secure the environments where trust matters most. We are aware that when you use our products and services, you entrust us with one of your most valuable asset – data. Hence, data protection, compliance & IT security are an integral component of everything we do. We meet the requirements of EU GDPR and are ISO27001 certified. # ecos Trust Center ### We secure the environments where trust matters most. We are aware that when you use our products and services, you entrust us with one of your most valuable asset – data. Hence, data protection, compliance & IT security are an integral component of everything we do. We meet the requirements of EU GDPR and are ISO27001 certified. It Security Data Protection Compliance It Security Compliance Report security issue Please send an email directly to our data security officer at dataprotection@ecos-systems.com. ### Report security issue Please send an email directly to our data security officer at dataprotection@ecos-systems.com. IT Security It is your data and our promise to manage it safely. We do our utmost to incorporate security in every aspect of our processes and products. Below are some of the key features: ## IT Security Advanced user access management Secure physical & digital authentication reduces the risk of improper access. With Role Base Access Control (RBAC) and Discretionary Access Control (DAC) we ensure only authorized employees have access to your data. ### Advanced user access management Secure physical & digital authentication reduces the risk of improper access. With Role Base Access Control (RBAC) and Discretionary Access Control (DAC) we ensure only authorized employees have access to your data. Data Encrypted at Rest and in Transit With state-of-the-art encryption, we protect our customer data both at rest and in transit. All the communications between ecos products and the data center as well as between the data center and end users are secured using elliptical asymmetric encryption ECC with 233 bits. ### Data Encrypted at Rest and in Transit With state-of-the-art encryption, we protect our customer data both at rest and in transit. All the communications between ecos products and the data center as well as between the data center and end users are secured using elliptical asymmetric encryption ECC with 233 bits. Data at Rest (AES-256 encrypted) Data at Rest (AES-256 encrypted) Data in Transit (HTTPS/ TLS 1.2 encrypted) Data in Transit (HTTPS/ TLS 1.2 encrypted) In the rare instance of a data breach at ecos, we make sure to verify if all our customer’s data is safe or if it has been affected and endangers the rights and freedoms of their staff. In case this happens we immediately notify the customers concerned so that they can carry out their legal obligation to notify their staff and regulatory authority. Recoverability and regular backups A strict backup concept is followed to ensure the highest security. We conduct an incremental and weekly backup of all our customer’s data stored. If desired, our customers can retrieve this stored data via our ecos webman and subsequently delete it if necessary. The backup file is sent encrypted and can be stored by our customers. To restore and decrypt the data, it is mandatory to use our ecos webman software. The secret key required for decryption is stored securely within our application. In this way, our customers have full control over their data retention. In the unlikely case of the total failure of our systems, our redundant data center guarantees that your data is not lost. As per our disaster recovery concept, the fastest possible recovery is delivered. ### Recoverability and regular backups A strict backup concept is followed to ensure the highest security. We conduct an incremental and weekly backup of all our customer’s data stored. If desired, our customers can retrieve this stored data via our ecos webman and subsequently delete it if necessary. The backup file is sent encrypted and can be stored by our customers. To restore and decrypt the data, it is mandatory to use our ecos webman software. The secret key required for decryption is stored securely within our application. In this way, our customers have full control over their data retention. In the unlikely case of the total failure of our systems, our redundant data center guarantees that your data is not lost. As per our disaster recovery concept, the fastest possible recovery is delivered. Verification of our security claims We run audits of our procedures and products at regular intervals, generally once a year, in sync with the legal data protection requirements. The results of these audits are then used to take specific action to further enhance our documentation, processes and software features. We also perform vulnerability and penetration tests in regular intervals. Those are performed either by IT specialists such as DITIS Systems or by customers such as military organisations, supermarket chains or railway companies. ### Verification of our security claims We run audits of our procedures and products at regular intervals, generally once a year, in sync with the legal data protection requirements. The results of these audits are then used to take specific action to further enhance our documentation, processes and software features. We also perform vulnerability and penetration tests in regular intervals. Those are performed either by IT specialists such as DITIS Systems or by customers such as military organisations, supermarket chains or railway companies. Data protection isn’t negotiable. It is the right of every individual and at ecos we make sure to keep it that way. We ensures that our customer’s data is handled following the GDPR and they have the transparency where their data is, at all times. Ownership of your data You are and remain the sole owner and controller of your data as per the meaning specified in article 24 EU GDPR. We remain only the order processor who processes your data at your instructions and according to the data processing agreement. You can access, modify or ask us to delete your data anytime as and when required. ### Ownership of your data You are and remain the sole owner and controller of your data as per the meaning specified in article 24 EU GDPR. We remain only the order processor who processes your data at your instructions and according to the data processing agreement. You can access, modify or ask us to delete your data anytime as and when required. Security of our data centers & customer’s data ecos systems uses an ISO 27001 & CSA STAR certified data center within the European Union. It is operated by Microsoft, complies with Tier 4, and guarantees an uptime of 99.9995%. Employees of the data center nor of Microsoft can gain access to your personal data. Our technical and organizational measures make sure to keep it like that. At ecos systems too, only the IT infrastructure team and our product team will have need-to-know data access. This will be required when processing service inquiries. And since our employees are trained in the guidelines laid out by the General Data Protection Regulation (GDPR), they are aware of the data secrecy requirements and the consequences of any breach. Similarly, all our subcontractors who may have access to your data, are bound by contractual privacy commitments. If any of our customers terminate the business relationship, their data is immediately deleted from our data center. This also includes cached or backup copies. ### Security of our data centers & customer’s data ecos systems uses an ISO 27001 & CSA STAR certified data center within the European Union. It is operated by Microsoft, complies with Tier 4, and guarantees an uptime of 99.9995%. Employees of the data center nor of Microsoft can gain access to your personal data. Our technical and organizational measures make sure to keep it like that. At ecos systems too, only the IT infrastructure team and our product team will have need-to-know data access. This will be required when processing service inquiries. And since our employees are trained in the guidelines laid out by the General Data Protection Regulation (GDPR), they are aware of the data secrecy requirements and the consequences of any breach. Similarly, all our subcontractors who may have access to your data, are bound by contractual privacy commitments. If any of our customers terminate the business relationship, their data is immediately deleted from our data center. This also includes cached or backup copies. GDPR compliant data processing & standards Data protection is an integral part of our product strategy therefore when developing them we respect the stipulations of Art. 25 EU GDPR of data protection by design and by default. We generally assume that we are compliant with the essential requirements of the EU GDPR today as we have reviewed the default settings of the entire application and adapted them to provide the highest-possible level of data protection while still ensuring user friendliness. Furthermore, the settings are generally all adaptable to the customer’s individual needs. ### GDPR compliant data processing & standards Data protection is an integral part of our product strategy therefore when developing them we respect the stipulations of Art. 25 EU GDPR of data protection by design and by default. We generally assume that we are compliant with the essential requirements of the EU GDPR today as we have reviewed the default settings of the entire application and adapted them to provide the highest-possible level of data protection while still ensuring user friendliness. Furthermore, the settings are generally all adaptable to the customer’s individual needs. Supporting our customers to respect rights of data subjects We support our customers to follow chapter 3 of EU GDPR ensuring the rights of data subjects to have access, obtain the erasure, and request portability of personal details. In addition, ecos webman offers the option of anonymizing personal data automatically after a user-defined time interval or manually at any time. ### Supporting our customers to respect rights of data subjects We support our customers to follow chapter 3 of EU GDPR ensuring the rights of data subjects to have access, obtain the erasure, and request portability of personal details. In addition, ecos webman offers the option of anonymizing personal data automatically after a user-defined time interval or manually at any time. ISO 27001 This is the internationally recognized standard for managing risks associated with information security and describes the requirements for implementing & optimizing such a system. This is the internationally recognized standard for managing risks associated with information security and describes the requirements for implementing & optimizing such a system. ISO 9001 ISO 9001 is the global standard that confirms a company’s or organization’s commitment to enhancing quality, delivering efficient operations & improving customer satisfaction. ISO 9001 is the global standard that confirms a company’s or organization’s commitment to enhancing quality, delivering efficient operations & improving customer satisfaction. ISO 14001 This certificate is the globally recognized and applied standard for environmental management systems. It demonstrates the organization’s environmental commitments. This certificate is the globally recognized and applied standard for environmental management systems. It demonstrates the organization’s environmental commitments. GDPR Framework GDPR is the stringent data security and privacy law in the world. Though drafted and passed by EU, it imposes obligations on every company or organization to protect and follow its guidelines when dealing with people in the EU. ### GDPR Framework GDPR is the stringent data security and privacy law in the world. Though drafted and passed by EU, it imposes obligations on every company or organization to protect and follow its guidelines when dealing with people in the EU. ------------------------------------------------------------ ABOUT THIS CONTENT ------------------------------------------------------------ Source: https://www.ecos-systems.com/trust-center This content is provided for informational purposes. Please visit the original source for the most up-to-date information.