ISO27001 and EVA Check-in: Here's why it matters

At EVA Check-in we’re proud that we are ISO27001 certified.  ISO27001 certification is recognised as the global gold standard for information security management. Organisations that meet this very high standard have demonstrated that they follow best practice for securely managing information assets.

Why does security matter in visitor management?

The bottom line is that if you’re asking your visitors, contractors or staff to give you any personal data, then the relationship must be built on trust. And when you use visitor management software which is backed by an ISO certification, you know that the security foundation is about as rock-solid as it gets.  

While many systems may claim they have ISO27001, what they often mean when you investigate the details is, they use a certified platform like Microsoft Azure or Amazon AWS.  

But there is a huge difference between using a certified platform and being certified yourself. Just like when a car has a 5-star crash rating, but the driver hasn’t got a licence – you don’t get safety unless both are certified.

So next time you’re assessing whether your visitor management system is designed and managed to a high security-standard, ask yourself ‘is the vendor ISO27001 certified?’.

What’s involved in getting this certification?

EVA Check-in is one of the products made by Theta’s Product Group.  And Theta as a whole has met all the ISO27001 requirements across our people, processes and technology to manage information so that it stays secure.   This is independently reviewed and audited by an authorised assessor who then recommended certification to an approval board who signed off.  Theta is then regularly audited to ensure we continue to comply with the standard across our business.

Our team is committed to following consistent, measured, and repeatable processes to keep your data secure. As risks evolve, we continue to adapt and evolve to keep your data safe through continuous improvement, measurement and reporting with dedicated and trained staff.  

If you’d like to discuss EVA Check-in’s security design and processes, please get in touch.  

What privacy controls does EVA Check-in use?

In addition to data security, we make it easy for you to manage the privacy of the data you collect.  Being able to manage the data you collect with the best privacy controls is central to our approach. The privacy features that are baked into every plan of EVA Check-in include:

  • Data masking – we obscure personal information by default, and record who accesses it when it needs to be seen.
  • Data retention – we provide full control over data retention. Customers can choose specific retention policies to align with different visitor types.
  • Safe kiosks – many visitor systems auto-complete the details of returning visitors. While this is convenient it means personal data is exposed to others who use the kiosk – either intentionally or unintentionally searching by name. EVA Check-in offers apps, geofences, and reusable passes as alternative ways of speeding up repeat check-ins without leaking data. For added privacy you can optionally disable autocomplete on sign out too.
  • Control over what is collected - we give customers control over what data that is collected – per visitor type and per site – so only the necessary amount of data is collected.
  • Admin access – fine grained security roles in the platform let you grant access to people for specific sites and specific duties. We support Microsoft O365 logins for EVA Check-in accounts which means easier onboarding and off boarding when people leave your organisation.
  • Customer service access - We go to great lengths to ensure our customer services team does not have, nor require access to the personal information in your check-in data to provide you support.

If you’d like to discuss EVA Check-in’s privacy principles and processes, please get in touch.

Related articles