Certificates & Audits

Fabasoft's software products and Cloud Services have received numerous international certifications and awards in terms of reliability, data and data center security and accessibility. This proves our high quality and security standards.

Certificate

ISO 9001 - Quality Management

Since 2005 the entire Fabasoft company has been ISO 9001 certified.

Once a year our quality management is audited and certified by a leading certification body. The aims of the audit are to examine conformity with demand models and to identify potential for the further development of the quality management system.

Fabasoft was successfully recertified in accordance with ISO 9001:2015 by TÜV AUSTRIA CERT GMBH in October 2020.

Continuous Improvement

The quality management system at Fabasoft is a living system. This means that work methods, processes and their corresponding documentation are continuously adapted to new data and constantly undergo improvements.

All Fabasoft business-relevant processes are depicted in the form of graphic process diagrams in the process landscape in the internal system. The further development, checking and approval of these processes is the responsibility of the process owner and is defined for every process.

Focus on Customer Orientation

A strategic aim of Fabasoft lies in a strong customer orientation of the quality management system. At Fabasoft customer satisfaction is of the highest importance. Fabasoft customers have the opportunity to share their opinions and improvement suggestions with us. In regular meetings (User Group) customers can give their feedback directly to the Fabasoft employee in charge. The results and evaluations of customer surveys are analyzed and integrated into the improvement processes to ensure that the customer demands are met.

Scope

Development and sales of own software products, cloud services, Software-as-a-Service applications, appliances and provision of related services.

Certified subsidiaries

  • Fabasoft International Services GmbH
    AT-4020 Linz, Honauerstrasse 4
    AT-1100 Vienna, Laxenburger Strasse 2
  • Fabasoft Austria GmbH
    AT-4020 Linz, Honauerstrasse 4
    AT-1100 Vienna, Laxenburger Strasse 2
  • Fabasoft R&D GmbH
    AT-4020 Linz, Honauerstrasse 4
    AT-1100 Vienna, Laxenburger Strasse 2
  • Mindbreeze GmbH
    AT-4020 Linz, Honauerstrasse 2
    AT-1100 Vienna, Laxenburger Strasse 2
  • Fabasoft Deutschland GmbH
    DE-60549 Frankfurt/Main, THE SQUAIRE 13, Am Flughafen
    DE-10117 Berlin, Leipziger Platz 8
    DE-80539 Munich, Maximilianstrasse 40
    DE-99084 Erfurt, Bahnhofstraße 38
  • Xpublisher GmbH
    DE-80333 Munich, Schleißheimer Strasse 6-10
  • Fabasoft Schweiz AG
    CH-3011 Bern, Spitalgasse 36
  • Mindbreeze Corporation
    US-Chicago, IL 60606, 311 West Monroe Street, Suite 303
    US-Silver Spring, MD 20910, 8403 Colesville Road, Suite 1100
  • Xpublisher Inc.
    US-Chicago, IL 60606, 311 W Monroe Street, Convene, 3rd floor

Certificate

ISO 27001 & ISO 27018 - Information Security and Protection of personal data

In June 2008 Fabasoft received the ISO 27001 certificate for the first time. The standard is a globally recognized standard for the assessment of the security of IT environments.

In July 2015 Fabasoft was audited successfully and also gained certification under ISO 27018. This international standard was published in 2014 and specifies data protection requirements for cloud service providers. The second surveillance audit according to ISO 27001 incl. ISO 27018 was successfully completed in October 2019.

Clearly Defined Standards

The certification's range of validity specifies the requirements for fully comprehensive information security management concerning all IT and business processes as well as all confidential company information. For customers, the ISO 27001 certification means compliance with clearly defined technical and security based standards and thereby defined service levels for the Fabasoft data centers.

The international standard ISO 27018 defines data protection requirements for cloud service providers. They have to undertake major obligations regarding notification, information, transparency and burden of proof in order to build trust with clients and public institutions concerning the processing of personal data within the cloud.

Continual Adaptation

Periodical internal controlling of the processes and provisions detailed in the ISO 27001 incl. the ISO 27018 is the basis for the further development of internal IT security standards and the continual adaptation according to changing frameworks and tasks.

Fabasoft was successfully recertified in accordance with ISO 27001 incl. audit according to ISO 27018 by TÜV AUSTRIA Deutschland GmbH in July 2017.

Scope

Development and sales of own software products, cloud services, Software-as-a-Service applications, appliances and provision of related services.

Certified subsidiaries

  • Fabasoft International Services GmbH
    AT-4020 Linz, Honauerstrasse 4
    AT-1100 Vienna, Laxenburger Strasse 2
  • Fabasoft Austria GmbH
    AT-4020 Linz, Honauerstrasse 4
    AT-1100 Vienna, Laxenburger Strasse 2
  • Fabasoft R&D GmbH
    AT-4020 Linz, Honauerstrasse 4
    AT-1100 Vienna, Laxenburger Strasse 2
  • Fabasoft Deutschland GmbH
    DE-60549 Frankfurt/Main, THE SQUAIRE 13, Am Flughafen
    DE-10117 Berlin, Leipziger Platz 8
    DE-80539 Munich, Maximilianstrasse 40
    DE-99084 Erfurt, Bahnhofstraße 38
  • Fabasoft Schweiz AG
    CH-3011 Bern, Spitalgasse 36
  • Mindbreeze GmbH
    AT-4020 Linz, Honauerstrasse 2
    AT-1100 Vienna, Laxenburger Strasse 2
  • Mindbreeze Corporation
    311 West Monroe Street, Suite 303 Chicago, Illinois, 60606 USA

Certificate

ISO 20000-1 - IT Service Management

In May 2011 Fabasoft received the ISO 20000 certificate for the IT services Folio Cloud (today: Fabasoft Cloud) and Folio SaaS for the first time. The scope was subsequently expanded to include Mindbreeze InSpire SaaS. The ISO 20000-1 standard is an internationally recognized standard for IT service management systems which documents the requirements for professional IT service management.

Implementation of International Standards

With this certification, Fabasoft underlines its strategy of implementing international standards.

ISO 20000-1 serves as a measurable quality standard for IT Service Management (ITSM). The aim of ISO 20000 is to deliver a higher quality of IT services to customers. Alignment according to the needs and requirements of customers plays a primary role.

ITIL orientation in IT Service Management

The standard also serves as an instrument to model processes in an optimized management system as they are described in the Office of Government Commerce (OGC)'s IT Infrastructure Library (ITIL). This encompasses such core processes as change, release, incident, problem and security management.

The certification brings with it many advantages. Alongside the targeted improvement of processes through regulated structures, service level maintenance, customer satisfaction and availability of services are more easily measurable by means of key performance indicators.

Fabasoft was successfully re-certified in accordance with ISO 20000-1 by TÜV Austria HELLAS in July 2017. The second surveillance audit according to ISO 20000-1 was successfully completed in October 2019.

Scope

The IT Service Management System of Fabasoft supporting the provision of Fabasoft Cloud, Fabasoft Folio SaaS and Mindbreeze InSpire SaaS to internal and external customers.

Certified subsidiaries

  • Fabasoft International Services GmbH
    AT-4020 Linz, Honauerstrasse 4
    AT-1100 Vienna, Laxenburger Strasse 2
  • Fabasoft Austria GmbH
    AT-4020 Linz, Honauerstrasse 4
    AT-1100 Vienna, Laxenburger Strasse 2
  • Fabasoft R&D GmbH
    AT-4020 Linz, Honauerstrasse 4
    AT-1100 Vienna, Laxenburger Strasse 2
  • Fabasoft Deutschland GmbH
    DE-60549 Frankfurt/Main, THE SQUAIRE 13, Am Flughafen
    DE-10117 Berlin, Leipziger Platz 8
    DE-80539 Munich, Maximilianstrasse 40
    DE-99084 Erfurt, Bahnhofstraße 38
  • Fabasoft Schweiz AG
    CH-3011 Bern, Spitalgasse 36
  • Mindbreeze GmbH
    AT-4020 Linz, Honauerstrasse 2
    AT-1100 Vienna, Laxenburger Strasse 2
  • Mindbreeze Corporation
    311 West Monroe Street, Suite 303 Chicago, Illinois, 60606 USA

Attestation

Cloud Computing Compliance Controls Catalogue (C5)

Fabasoft was the first European provider of cloud services to receive the attestation pursuant to the requirements of the catalog of requirements C5 (Cloud Computing Compliance Controls Catalog, in short: C5), issued by the Federal Office for Information Security (BSI). The KPMG Alpen-Treuhand GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft issued the attestation. The C5 attestation from KPMG pursuant to the requirements of the BSI is a recognized and reliable proof which transparently reveals the high level of information security of the Fabasoft Cloud for all Fabasoft Cloud customers. 

The catalogue of requirements of the BSI specifies the minimum requirements that cloud service providers must meet. The defined surrounding parameters are an integral characteristic of the BSI C5 and ensure transparency with regard to system description, jurisdiction and locations of data storage, data processing and data backup, disclosure and investigation powers, as well as certifications.

 

Attestation

ISAE 3402 Type 2

The International Standard on Assurance Engagements (ISAE 3402) is the international testing standard that assesses the effectiveness of internal control systems (IKS) of service providing organizations. The standard was created by the International Auditing and Assurance Standards Board (IAASB) as a successor to the SAS 70 Standard. Up until 2011 Fabasoft was tested according to the AICPA's reporting standard SAS 70 Type 2, afterwards according to ISAE.

ISAE 3402 aims to extensively test an organization's internal control system and to rate its effectiveness in detail. The testing takes place over a six-month period. The ISAE 3402 test report contains the opinion of an external test company on the control procedure at the service provider, a description of the control points, the test methods and controls, information about the test period and a statement about the effectiveness of the controls.

Attestation

ISAE 3000 SOC2 Type 1

Fabasoft completed the SOC2 Type 1 audit for its Fabasoft Cloud, marketed under the name Fabasoft Business Process Cloud since the beginning of 2020. KPMG Alpen-Treuhand GmbH Wirtschaftsprüfungs- und Steuerberatungsgesellschaft issued the audit report.

As part of the audit process, KPMG checked whether the Trust Service Criteria (TSC) for Security – issued by the American Institute of Certified Public Accountants (AICPA) – are being adhered to. Therefore the existing internal control mechanisms for the services offered – for example with regard to risk minimization, access controls, monitoring measures or communication – were examined and documented. The audit took the form of an ISAE 3000 Type 1 audit (testing the design and implementation for a cut-off date) and lasted approximately four weeks. Fabasoft received the final audit results as an ISAE 3000 SOC2 Type 1 report.

Certificate

TÜV Rheinland

TÜV Rheinland i-sec GmbH certification body certifies that Fabasoft R&D GmbH has achieved the following objectives for the Fabasoft Cloud, Fabasoft Folio SaaS, HeadsUp! User Engagement, and Mindbreeze InSite services for the cloud infrastructure and cloud application:

  • Effectiveness in selecting the data location
  • Secure hosting of data
  • Secure data transmission
  • Secure operation of business-critical applications
  • Quality and availability of service provision – high service continuity, high on-demand scalability
  • Security and quality of data access and data storage – secure login procedure, and authorization systems to control data access at network level
  • State-of-the-art protection against attacks

Proof was provided on site in the form of random external and internal security analyses as well as an audit of the technical, physical as well as organizational security measures, and business processes. The test report 63007063-01 forms part of this certificate.

TÜV Rheinland i-sec GmbH tests the effectiveness of the assessed process through annual monitoring audits.


Audit

IDW PS 880

KPMG Advisory GmbH reviewed the Fabasoft Cloud in terms of revision security in accordance with Austrian, German and Swiss commercial and tax law, and issued the certificate according to IDW PS 880. The Fabasoft Cloud therefore meets the required storage requirements in Germany, Austria and Switzerland (GoB compliant archiving).
 
The safe and proper storage of digital data has not only become a key compliance requirement but also an existential challenge for companies. Stronger interconnectedness and current legislative changes, such as the EU Data Protection Basic Regulation, exacerbate this requirement.
 
In the case of the IDW PS 880 examination, an independent auditor determines whether and to what extent software solutions support the storage regulations in accordance with the applicable trade and tax law (audit-proof or GoB-compliant archiving) of the respective country in order to meet the required compliance.

Certificate

EuroCloud StarAudit

Fabasoft has now successfully completed the “EuroCloud StarAudit”. Fabasoft is the first company in the world to receive five stars for its Cloud services, the highest possible certification by the international “EuroCloud StarAudit” (ECSA V3.0). The certification system used for the audit and for the external quality evaluation of Cloud services in Europe is based on best practices and is carried out by the renowned organization EuroCloud Europe.

While the testing procedures of many recognized auditing institutions put their focus on the security and compliance with data protection within a Cloud environment, the EuroCloud StarAudit (ECSA) has an approach to certification that is unique in Europe: on the basis of a comprehensive and entirely disclosed list of criteria, it checks the quality standards of the Cloud’s entire value-added chain. ECSA therefore always has a view of the entire supply chain of a Cloud ecosystem. In an audit, the strict criteria applied to the quality standards of embedded suppliers of infrastructure and platform or of a “Federated Cloud” are the same as those applied to the audited Cloud provider itself.

The list of auditing criteria comprises full details of the service provider and the actual location of the data, regulations regarding contracts and compliance, security and data protection, infrastructure operations and their related processes as well as the evaluation of the specific service types IaaS, PaaS and SaaS. On the basis of this important number of criteria, scientific studies have attested to the high standard of quality and the important industrial influence of the pan-European business association EuroCloud.

Advantages for Fabasoft’s customers

The Cloud certification bears many advantages for Fabasoft’s customers, such as the guaranteed refund of the monthly service charges if the service level agreed by contract is not fulfilled or if there are any system failures. The certification furthermore guarantees that the customer’s data will be retransmitted by way of a predefined process once the contract is terminated – to name just a few benefits.


Audit

MoReq2

MoReq stands for Model Requirements for the Management of Electronic Records and is geared towards standardizing the creation and storage of business documents in digital form. The MoReq1 project was therefore started in Europe in 2001 to establish a uniform standard for business records management software. Because of the pace of technical development, MoReq1 soon became outdated and thus it was decided to start MoReq2.

MoReq2 is today the most important specification for electronic document and record management in Europe. The European standard specifies requirements for written material administration, document and records management as well as for electronic archiving. The current version of MoReq2 was published on February 13, 2008, complete with a certification process for software products. In order to be able to call itself "MoReq2 certified", a software product must undergo an extensive testing process.

In December 2008 Imbus AG was assigned as the first official accreditation board for MoReq2 to carry out the tests and examinations as an independent institute.

The standard is the benchmark for all users who systematically manage and store electronic and paper information. Jef Schram from the European Commission in Brussels on the motives behind the standard: "MoReq2 offers an extensive specification of requirements for the management of electronic records and business processes across the whole of Europe." MoReq2 is intended for users from the private and public sectors, for manufacturers and consultants, as well as for associations and educational organizations.

Audit

Accessibility

Equal opportunities for people with disabilities and their integration into society and work require the accessible use of software, which is also defined by law.

The user interface of the Fabasoft Public Cloud is not only easy and intuitive to use but is also available in 22 different languages. Moreover, it is almost 100% accessible and offers equal opportunities for people with impairments, as the certificate “very accessible” granted by Pfennigparade Center for Accessibility on the Internet in January 2015 attests.

The Fabasoft eGov-Suite offers accessibility for almost all kinds of disabilities. In September 2013, Pfennigparade tested the web application Fabasoft eGov-Suite 2013 for accessibility. The practical accessibility of the application corresponds to an overall result of 93.5 points of a BITV test. The Fabasoft eGov-Suite 2013 is therefore “very accessible”.

Certificate

Web Accessibility Certificate Austria (WACA) - cloud.fabasoft.com

The Web Accessibility Certificate Austria (WACA) is Austria's first quality seal promoting accessible websites according to the international WCAG 2.0 guidelines (Web Content Accessibility Guidelines). The official certificate, issued by the OCG as an independent certification body, is intended to guarantee accessibility for all people on the audited website. The certificate recognizes the efforts made to ensure accessibility on the web and fulfils legal requirements.

The Fabasoft Cloud is the first web application to be WACA-certified by the Austrian Computer Society (OCG). The web-based application meets the requirements of WCAG 2.0 - AA to a high degree and was awarded silver.

 

The following criteria must be met for the Web Accessibility Certificate Austria (WACA) in silver:

  • Website/application meets WCAG 2.0 - AA success criteria to the extent possible.
  • All content can be accessed by all users.
  • The basic functionality is fully accessible to all users.
  • Parts of the extended/optional functionality are less convenient to use for some users, but still accessible.