Cybersecurity Statement

DigitAll360 prioritizes robust information security management to protect our client’s data, internal assets, and valuable intellectual property. We leverage industry-recognized frameworks to establish, manage, and continuously advance our security posture.

Our Approach:

  • ISO 27001: We implement an Information Security Management System (ISMS) based on ISO 27001 principles. This encompasses:
    • Systematic risk assessment and treatment
    • Documented security policies and procedures
    • Clearly defined roles and responsibilities for information security
    • Ongoing auditing and process improvement
  • SOC 2: As part of our commitment to security, availability, processing integrity, confidentiality, and/or privacy, we are scheduled for SOC 2 certification in early 2025. This will provide independent verification of our controls and processes.

Specific Measures:

  • Security Basics


  1. Strong Passwords & Multi-Factor Authentication (MFA): Enforce complex passwords and require MFA to access critical systems and accounts.
  2. Antivirus/Antimalware Software: Reputable solution on all endpoints (computers, laptops, servers) to detect and prevent common malware infections.
  3. Software Updates: We regularly review available updates To close vulnerabilities and keep operating systems, applications, and firmware up to date with the latest security patches.
  4. Firewalls: We have implemented the best industry firewalls to control network traffic and block suspicious incoming and outgoing connections.


  • Data Protection


  1. Encryption: Encrypt sensitive data both when stored (at rest) and when sent over the internet (in transit). Using AES-256 and TLS encryption.
  2. Backups: Critical data is backed up to an offsite or cloud location every 6 hours, and full backups are performed daily during slow use periods. The ability to restore data is tested weekly to ensure recoverability.
  3. Access Controls: Enforce the principle of least privilege – grant employees only the access necessary to perform their jobs. Regularly review permissions.



  • Employee Education


  1. Security Awareness Training: Conduct regular training sessions to educate staff on recognizing phishing attacks, social engineering scams, and handling sensitive data.
  2. Phishing Simulations: We test our employees’ awareness with realistic phishing simulations quarterly, which help us identify those who need extra training.


  • Incident Response Planning


  1. Response Plan: We follow the guidelines and recommendations of ISO/IEC 27035-2:2016; the notification timeframe is 2-4 hours, depending on the severity of the event. All notifications to the client are via encrypted Voltage SecureMail only.
  2. Plan Testing: Run tabletop exercises to simulate different breach scenarios, ensuring our team understands the process.


  • Specialized Considerations


  1. Cloud Security: We use Cloudflare network & application security & performance services combined with Google Data cloud service.

We recognize that cybersecurity is an ongoing, collaborative effort. We work closely with our clients, partners, and security experts to maintain a robust security posture adaptable to evolving threats and client requirements.



Luis Vale
VP of Digital Solutions
Tel: +43 12 264 462