A holistic concept for security and data protection for the cleaning of buildings

The [SQ] ONE platform offers security for your operational business and your data

The security of your data is our highest priority. We rely on complete data encryption, advanced firewalls, regular security audits and ISO- and SOC-certified data centers. All data is hosted exclusively in European data centers.

Comprehensive GDPR compliance with [SQ] ONE

By using the [SQ] ONE apps, your employees will be fully GDPR-compliant. The new General Data Protection Regulation (GDPR) will come into force on 25 May 2018. With [SQ] ONE, you implement a GDPR-compliant and secure data, information and communication platform for your operational employees. Only a consistent process of data transmission without media breaks offers sufficient protection.

MULTI-CLIENT CAPABILITY

  • Multiple client service
  • Each client has its own domain
  • Client has control over mandate

DATA ENCRYPTION

  • Data encryption of the mobile App
  • Complete encrypted records
  • Data is encrypted at rest and in transit

VIRTUAL SINGLE CLOUD

  • Management by ISO- and SOC-certified servers/data centers
  • Cloud-based data management
  • Scalable SaaS-offering

LAW-COMPLIANT

  • German Data Protection Act
  • General Data Protection Regulation (GDPR)
  • ISO and SOC
  • Order processing with customers
  • Data protection officer

HIGH AVAILABILITY

  • Contractually regulated availability of 99.9%

ACCESS CONTROL

  • Role-based access management
  • ERP-System connection
  • Single-Sign-On (SSO) and the Employee Directory

Industry-leading standard for safety and GDPR


[SQ] ONE ensures compliance with the basic EU data protection


The GDPR standardises data protection laws throughout Europe. An essential part is the protection of personal data. We see the General Data Protection Regulation as far more valuable than just a necessity. It allows us to set the global standard for the handling of data.

We have therefore built software that conforms to the GDPR at every point in your process. This keeps you on the safe side, along with the data of your employees and customers. Trust is an important basis for cooperation in our industry; we know this and appreciate it very much.


Privacy Policy of [SQ] ONE



RA Julian Höppner
Data protection officer at SoniQ Services GmbH

Independent Expertise

Julian Höppner has been data protection officer at SoniQ Services GmbH, the company behind the [SQ] ONE software, since 2018. The focus of his activities is the support of national and international companies in all questions of IT law and data protection law. His focus is on the handling of personal data, whether project-related (e.g. when implementing new technology systems and strategies), product-related (e.g. apps and beacons) or in communication with users and authorities (privacy policies, data protection audits by supervisory authorities et al.). Julian Höppner is a certified data protection officer (TÜV) and managing director of JBB Data Consult GmbH.

A holistic concept for safety and GDPR conformity for building services

FAQs on security and data protection


Does SoniQ Services have specific rules, standards or guidelines for information security and data protection?

Yes, SoniQ Services has a model for this purpose derived from the ISO-27001 control objectives and other resources.


Are those responsible assigned to the relevant documents and is there a process for maintaining the documents?

Yes, there are officers for all policies and an annual review process is part of the risk management process.


Does SoniQ Services have an integrated operational risk management process to identify/react/report risks?

Yes, the risk management process and responsibility lies with the Risk & Compliance department and our data protection officer.


Are the technical and organisational measures (TOM) recommended or required by the GDPR and by German and European data protection law applied in [SQ] ONE's strategy and implementation to protect data security and personal privacy?
Yes. [SQ] ONE uses the GDPR as a guideline for the data protection requirements for personal data. Technical and organizational measures such as the use of encryption technologies are standard and embedded in the products and services of [SQ] ONE. Processes such as conducting a data protection impact assessment before releasing new products or services are part of our product and service development.


Does [SQ] ONE have detailed logging and monitoring policies that cover everything needed for investigation purposes?

Yes, [SQ] ONE logging and monitoring is done according to its Logging & Monitoring Policy, which is derived from the requirements of the following sources:
1. GDPR
2. IT Compliance Institute – Logging, Monitoring and Reporting
3. Privacy policy for [SQ] ONE: https://www.soniqservices.de/privacypolicy

[SQ] ONE logs the following parameters:
1. Time and date stamp
2. GPS coordinates (if activated by user)
3. IP address details (client IP)
4. Username & ID
5. Type of access/activity attempted or performed (read/update/create/delete)
6. Success or error status of the event
7. System or module
8. Full URL access
9. Details about the interface (web-based, mobile client, etc.)
10. Browser type

Does [SQ] ONE have a policy for incident management and supporting process?
Yes, [SQ] ONE has defined and implemented a policy for incident management as well as the relevant processes according to articles 33 and 34 of the GDPR.

Does [SQ] ONE have a policy for change management and supporting process?
Yes, [SQ] ONE has defined and implemented a policy for change management, as well as for the relevant processes that are most appropriate according to the principle of segregation of duties, according to various best practices, including ITIL, ISO and NIST resources.


Does [SQ] ONE have business continuity and disaster recovery policies that are audited?
Yes, [SQ] ONE has defined and provided complete business continuity and disaster recovery policies. Quarterly tests were conducted with various scenarios that led to recovery requirements.


Does [SQ] ONE have controlled processes for access to the production processes necessary for support personnel?
Yes, [SQ] ONE uses a process to request access to production processes from employees who need access to provide support. The customer receives an information security policy document identifying all functions with access to production. Access to production is based on the temporary issuance of certificates with limited validity. [SQ] ONE's employees are subject to mandatory background checks and access is restricted by the "need to know - need to have" principle. All access is based on 2-factor authentication.

Does the access of the [SQ] ONE employees correspond to the 4-eye-principle and the principle "need to know - need to have"?
Yes.


Are ALL [SQ] ONE systems operated in an ISO 27001 certified data center?
Yes.


Has SoniQ Services appointed a data protection officer?
Yes. RA Julian Höppner – j.hoeppner@jbb.de


Does [SQ] ONE regularly perform vulnerability and penetration tests on its products?
Yes, for quality assurance SoniQ carries out regular vulnerability testing of the product code before it is released for production by [SQ] ONE. In addition, [SQ] ONE conducts full annual penetration tests.


Does [SQ] ONE sign a data processing agreement with its customers?
Yes, order processing agreements are signed before each initial data exchange.


Does [SQ] ONE have regular training in data protection for its employees?
Yes, in accordance with the GDPR requirements, [SQ] ONE has a mandatory annual training course for relevant employees on information security, data protection and privacy.


Does [SQ] ONE have a policy on data storage, processing, and deletion and the necessary supporting processes?
Yes, there is a policy on data storage, processing and deletion. The account manager appointed for each client is the first point of contact for all enquiries.


Can we integrate our identity management solutions for Single Sign On or Active Directory with [SQ] ONE apps and services?
Yes, [SQ] ONE uses for the integration of Single Sign On and/or Active Directory solutions with the customer.


Does [SQ] ONE have solutions for archiving communication (messages and chats)?
Yes, [SQ] ONE provides authenticated and authorized customers with access to their data for archiving purposes based on the REST API. Please contact [SQ] ONE's Privacy Officer about this issue.


Can we use our Mobile Device Management (MDM) for the deployment of [SQ] ONE apps?
Yes, mobile [SQ] ONE apps can be distributed via MDMs.