Certifications & Audits


ISO 9001 - Quality Management

Since 2005 the entire Fabasoft company has been ISO 9001:2008 certified. Once a year our quality management is audited and certified by a leading certification body.

The aims of the audit are to examine the conformity with demand models and the identifying of potential for the further development of the quality management system. The most recent surveillance audit was carried out successfully by TÜV AUSTRIA CERT GMBH in July 2015.

Continuous Improvement

The quality management system at Fabasoft is a living system. This means that work methods, processes and their corresponding documentation are continuously adapted to the new data and constantly undergoing improvements.

All Fabasoft business-relevant processes are depicted in the form of graphic process diagrams in the process landscape in the internal system. The further development, checking and approval of these processes is the responsibility of the process designer and is defined for every process.

Focus on Customer Orientation

A strategic aim of Fabasoft lies in a strong customer orientation of the quality management system. At Fabasoft customer satisfaction is of the highest importance. Our customers have the opportunity to share their opinions and improvement suggestions with us. In regular meetings (User Group) customers can give their feedback directly to Fabasoft. The results and evaluations of customer surveys are analyzed and integrated into the improvement processes to ensure that the customer demands are met.



ISO 27001 - Information Security

In June 2008 Fabasoft received the ISO 27001 certificate for its Head Office in Linz for the first time. The ISO 27001 standard is a globally recognized standard for the assessment of the security of IT environments.

Clearly Defined Standards

The certification’s range of validity specifies the requirements for fully comprehensive information security management concerning all IT and business processes as well as all confidential company information. For customers, the ISO 27001 certification means compliance with clearly defined technical and security based standards and thereby defined service levels for the Fabasoft data centers.

Continual Adaptation

Periodical internal controlling of the processes and provisions detailed in the ISO 27001 is the basis for the further development of internal IT security standards and the continual adaptation according to changing frameworks and tasks.

The most recent surveillance audit was carried out successfully by TÜV AUSTRIA CERT GMBH in July 2015.



ISO 20000 - IT Service Management

In May 2011 Fabasoft received the ISO 20000 certificate for the IT services Folio Cloud and Folio SaaS for the first time. The ISO 20000-1 standard is an internationally recognized standard for IT service management systems which documents the requirements for professional IT service management.

Implementation of International Standards

With this certification, Fabasoft underlines its strategy of implementing international standards.

ISO 20000-1 serves as a measurable quality standard for IT Service Management (ITSM). The aim of ISO 20000 is to deliver a higher quality of IT services to customers. Alignment according to the needs and requirements of customers plays a primary role.

Conformity with ITIL

The standard also serves as an instrument to model processes in an optimized management system as they are described in the Office Government Commerce (OGC)’s IT Infrastructure Library (ITIL). This encompasses such core processes as change, release, incident, problem and security management.

The certification brings with it many advantages. Alongside the targeted improvement of processes through regulated structures, service level maintenance, customer satisfaction and availability of services are more easily measurable by means of key performance indicators.

The most recent surveillance audit was carried out successfully by TÜV AUSTRIA CERT GMBH in July 2015.



TÜV Rheinland

The TÜV Rheinland certification confirms that the Fabasoft Cloud GmbH services Fabasoft Cloud, Fabasoft Folio SaaS, HeadsUp! User Engagement and Mindbreeze InSite meet the following objectives for cloud infrastructure and cloud application:

  • Secure data hosting
  • Secure data transmission
  • Secure operation of business-critical applications
  • Quality and availability of service provision – high service continuity, high on-demand scalability
  • Secure, high-quality data access and data storage – secure login methods and authentication system for data access control on network level
  • State-of-the-art protection against attacks

During the certification process the Fabasoft Cloud GmbH underwent an intensive external and internal safety analysis as well as a technical, physical and organisational audit of the security measures and operational processes. The audit report nr. 63004918 version 1.0 is part of this certification.

The validity of the certificate will be monitored via annual surveillance audits carried out by the TÜV Rheinland i-sec GmbH.

For more information please click here.



ISAE 3402 Type 2

The International Standard on Assurance Engagements (ISAE 3402) is the international testing standard that assesses the effectiveness of internal control systems (IKS) of service providing organizations. The standard was created by the International Auditing and Assurance Standards Board (IAASB) as a successor to the SAS 70 Standard. Up until 2011 Fabasoft was tested according to the AICPA’s reporting standard SAS 70 Type II, afterwards according to ISAE.

ISAE 3402 aims to extensively test an organization’s internal control system and to rate its effectiveness in detail. The testing takes place over a six month period. The ISAE 3402 test report contains the opinion of an external test company on the control procedure at the service provider, a description of the control points, the test methods and controls, information about the test period and a statement about the effectiveness of the controls.



Audit-proof Archiving

The vision of a paper-free office is as old as the first IBM PC that fitted onto a regular desk – but we're still chasing that dream. The rules and regulations governing the storage of business records, invoices, contracts, documentation for accounts and financial records are partly to blame for this. Time limits legally required for storage vary from a few years to eternity and beyond.

Folio Cloud is a huge step forward, as audit-proof electronic storage eliminates the costs and space requirements needed for hard-copy storage.

Verified Quality

The PricewaterhouseCoopers auditors worked according to a checklist. Some of the most important points, which were naturally found to be without faults, were:


  • Data access. Already in the course of the ISAE 3402 Type II test, virtual and physical access restrictions were thoroughly checked and found to be sufficient. Client data is safe from prying eyes.
  • Data cannot be amended retrospectively.
  • Relevant documents cannot be deleted before the time limit expires –not even by Fabasoft administrators.
  • The trail from paper to electronic storage is sufficently secured.
  • All legal requirements are met.


MoReq stands for Model Requirements for the Management of Electronic Records and is geared towards standardizing the creation and storage of business documents in digital form. The MoReq1 project was therefore started in Europe in 2001 to establish a uniform standard for business records management software. Because of the pace of technical development, MoReq1 soon became outdated and thus it was decided to start MoReq2.

MoReq2 is today the most important specification for electronic document and record management in Europe. The European standard specifies requirements for written material administration, document and records management as well as for electronic archiving. The current version of MoReq2 was published on February 13, 2008, complete with a certification process for software products. In order to be able to call itself "MoReq2 certified", a software product must undergo an extensive testing process.

In December 2008 Imbus AG were assigned as the first official accreditation board for MoReq2 to carry out the tests and examinations as an independent institute.

The standard is the benchmark for all users who systematically manage and store electronic and paper information. Jef Schram from the European Commission in Brussels on the motives behind the standard: "MoReq2 offers an extensive specification of requirements for the management of electronic records and business processes across the whole of Europe." MoReq2 is intended for users from the private and public sectors, for manufacturers and consultants, as well as for associations and eductional organizations.