
SECURITY AND TRUST
Personio Trust Center
Data protection and information security are at the core of Personio’s products and services. Protecting your data and earning your trust is pivotal for us.
Personio's Trust Center provides you with all the latest information on the security, reliability, privacy, and compliance of our products and services.

Learn about Personio's security guidelines
Product Security
Personio has a series of checks and balances implemented along every point of the product journey, which we collectively call our Secure Software Development Lifecycle or SSDLC.
Secure SDLC
Personio follows security industry best practices to implement a series of checks across all services, software components, code, and libraries used.
Recurring Security Testing
In addition to our own internal vulnerability scans, we regularly engage with external security service providers to perform penetration tests.
Secure by Design
All accounts are created with industry best practices in mind. There are no default user accounts or setup steps to take to consider the instance “secure” out-of-the-box.
Compliance
Controls are designed and implemented at Personio with industry best practices and international standards at top of mind. Personio is ISO 27001 certified and compliance is validated by an independent third-party audit firm on an annual basis.
GDPR
Personio complies with the essential requirements of EU GDPR, ensuring data protection across the application, infrastructure, and organisation.
Data Subprocessors
Your Personio account provides you with a list of all third-party mandatory as well as optional subprocessors which process personal data.
Contractual Commitments
Personio has published a set of Technical and Organisational Measures (TOM) which lay out the binding commitments with regard to data security.
Security Policies
Personio actively maintains a collection of data security and privacy policies, which influence every step we take, keeping our customers first and foremost in our minds. Our customers can rest assured that their most sensitive data is trusted here at Personio.
Information Security
The Information Security Policy sets the principles behind the company’s commitment to protecting information and provides the foundation for its Information Security Management System (ISMS).
Data Protection
Data Protection is at the core of our company’s DNA. The Data Protection Policy includes several components which direct staff on how to process sensitive data.
Acceptable Use
As part of our ISMS, the Acceptable Use Policy sets clear guidelines for employees on using our systems, networks, and devices safely and securely.
Infrastructure Security
We know that Personio hosts your business’s most sensitive data. As such, the team develops and enforces a Security Standard and implements a suite of security controls and systems across our infrastructure, running on the Cloud.
Perimeter Security
Personio's Security Team implements a diverse stack of Intrusion Detection and Prevention technologies and methods to safeguard all our infrastructure.
Encryption
Personio uses industry-standard encryption to protect data both in transit and at rest. We also apply strong protections to safeguard account credentials.
Disaster Recovery
Personio has a documented Disaster Recovery Plan in place, to ensure your data is always available, even following the most severe of outages.
Artificial Intelligence
To ensure every AI feature we launch delivers value while, most importantly, maintaining your trust, we have established Personio's Responsible AI principles to act as our compass for decision-making and product innovation.
Empower People
We aim to support & assist people with our AI systems and provide unique value that enhances individuals’ capabilities.
Design for Fairness
We design AI systems for non-discrimination, bias minimization, and inclusivity to support equitable outcomes for all.
Build for Safety
We build our AI systems with a focus on data security & privacy as well as reliability, while ensuring compliance with laws governing AI.
Getting in Touch
Personio’s Security Team knows the drill and we are prepared to help answer any questions your IT, Security, and Privacy teams might have about our products.