Audits
Auditing and the process
Simployer acknowledges the right of our customers to audit Simployer according to GDPR and the DPA agreement with the customer.
Simployer has several thousands customers so it is not practically feasible for us to conduct individual audits initiated by our customers. In order to show our compliance with GDPR regulations and the DPA, an audit is conducted at regular intervals by a trusted third party auditor at our own expense.
The current auditor is PriceWaterhouseCoopers (PwC), and the audit is conducted according to the ISAE3000 standard. The audit is based on select controls from the NOREA Privacy Control Framework. The control matrix includes control to show that Simployer also has a solid information security program.
Regulated in Data Processing Agreement
By signing the Data Processing Agreement (DPA), the customer (The Data Controller) acknowledges that the Data Controller's right to conduct audits under GDPR is fulfilled through the fact that Simployer (the Data Processor) ensures that an independent third party, appointed by the Data Processor, conducts a systemic audit of the Simployer system on a regular basis.
The audit report are made available to the Data Controller (the customers) upon request.
The customer cannot demand to conduct any other type of audit of Simployer free of charge.
The customer may order a copy of the public audit report by filing a support ticket with our customer care departments in Norway or Sweden.