Security Center
1. Overview
Allcontrols OÜ is an information security, audit, and compliance services company.
We protect client information through certified management systems, documented policies,
confidentiality obligations, secure handling practices, and strict professional conduct requirements.
Our security and governance framework is designed to support the confidentiality, integrity,
and availability of client data, audit evidence, security testing results, compliance documentation,
internal business information, and other sensitive information entrusted to Allcontrols.
2. Certifications
Allcontrols maintains independently managed governance, security, and quality processes to support
reliable service delivery and responsible handling of client information.
- ISO/IEC 27001:2022 — Information Security Management System.
  Our information security controls cover access management, information classification, secure handling,
  risk management, incident response, supplier management, and continual improvement.
- ISO 9001:2015 — Quality Management System.
  Our quality management processes support consistent service delivery, documented procedures,
  management review, corrective actions, and continual improvement.
Certificates may be provided to clients, partners, and other authorized parties upon request or under NDA
where appropriate.
3. Security Governance
Allcontrols maintains documented policies, procedures, and internal controls to manage information security,
data protection, confidentiality, ethical conduct, and professional independence.
Our governance approach includes:
- Documented information security and data protection policies;
- Defined responsibilities for secure handling of client and internal information;
- Access control based on business need-to-know principles;
- Confidentiality obligations for personnel and contractors;
- Security awareness and data protection training;
- Incident reporting and response procedures;
- Periodic review and continual improvement of internal controls.
4. Data Protection
Allcontrols processes personal data in accordance with applicable data protection laws, including the GDPR.
Depending on the context, Allcontrols may act either as a data processor on behalf of a client or as an
independent data controller for activities such as website operation, recruitment, and sales or CRM activities.
We apply appropriate technical and organizational measures to protect personal data and other sensitive
information, including:
- Access controls and authentication;
- Confidentiality agreements and personnel obligations;
- Secure storage and communication practices;
- Logging and monitoring where applicable;
- Backup and recovery controls;
- System hardening and patch management;
- Incident response and escalation procedures;
- Data minimization and privacy by design principles.
5. Confidentiality
Allcontrols personnel are required to protect confidential, client-related, and proprietary information.
This includes, but is not limited to:
- Client data and documentation;
- Security testing results and vulnerability findings;
- Audit reports and compliance assessments;
- Risk analyses and remediation information;
- Source code, system configurations, and architectural information;
- Internal methodologies, procedures, and business information.
Access to confidential information is limited to authorized personnel with a legitimate business need.
Unauthorized disclosure, misuse, or mishandling of confidential information is prohibited.
6. Professional Conduct
Allcontrols performs audit, readiness assessment, compliance, and security testing services in accordance
with documented scopes of work, applicable standards, contractual obligations, and professional ethics.
Personnel involved in client engagements are expected to:
- Perform services objectively and professionally;
- Disclose relevant findings truthfully and without misrepresentation;
- Avoid misleading statements about compliance or risk levels;
- Protect client information and engagement records;
- Maintain independence and avoid conflicts of interest;
- Escalate ethical, security, or compliance concerns when identified.
7. Public Policies
The following public policies describe Allcontrols’ commitments to privacy, information security,
ethical conduct, anti-bribery, confidentiality, and responsible business practices.
| Policy / Document | Description | Availability |
|---|---|---|
| Code of Conduct | Defines ethical principles, professional standards, confidentiality obligations, compliance expectations, and reporting responsibilities. | Available upon request |
| Ethics Policy | Confirms Allcontrols’ commitment to integrity, transparency, fairness, accountability, and responsible business conduct. | Available upon request |
| Anti-Bribery and Corruption Policy | Prohibits bribery, facilitation payments, kickbacks, improper gifts, and other corrupt practices in business dealings. | Available upon request |
| Privacy Policy | Explains how Allcontrols collects, uses, protects, and manages personal data in connection with its services, website, recruitment, and business activities. | Available upon request |
| Platform Privacy Policy | Describes privacy practices related to users of Allcontrols’ platform and related platform services. | Available upon request |
Copies of public policies and governance documents may be provided to clients, partners,
and other authorized parties upon request. Additional internal policies may be shared under NDA
where appropriate.
8. Security Requests
Clients, partners, and authorized third parties may request additional information about Allcontrols’
security, compliance, and governance practices.
Depending on the nature of the request, Allcontrols may provide:
- ISO/IEC 27001 and ISO 9001 certificate information;
- Public policies and governance documents;
- Security questionnaire responses;
- Information about technical and organizational controls;
- Additional internal policies under NDA where appropriate.
To request security or compliance information, please contact us at
[email protected].
9. Contact Information
For security, compliance, or certificate requests, contact us at:
[email protected].
For privacy or data protection questions, contact:
[email protected].