Trust Center

Trust & Security at Saply

Enterprise-grade security, privacy-by-design, and GDPR-compliant CV processing, backed by an ISO/IEC 27001:2022 Information Security Management System and continuous monitoring. This page details the controls, certifications, and commitments behind every CV Saply processes.

ISO/IEC 27001:2022

Certification in progress. Audit scheduled August 2026

Formal Information Security Management System (ISMS) implemented with Sencom Security. Independent certification audit scheduled for August 2026.

GDPR Compliant

EU data residency · Processor under GDPR

Fully compliant with the EU General Data Protection Regulation and Belgian data protection law. Personal data is processed strictly on documented customer instructions.

Aikido Security

Continuous code, cloud & dependency scanning

Continuous SAST, IaC, secrets and dependency scanning across our codebase and cloud, with a public audit report available on request.

System Status

Real-time uptime & incident history

Live operational status, incident timelines and post-mortems published on our public status page.

How we protect your data

A defence-in-depth approach, mapped to ISO 27001

Our security programme spans governance, people, applications, and infrastructure. Every control below is documented in our ISMS and independently auditable.

Governance & ISMS

Saply operates a formal Information Security Management System aligned to ISO/IEC 27001:2022, with documented policies, defined roles, and clear accountability.

  • Information Security Policy reviewed at planned intervals
  • Confidentiality obligations and annual security training for all staff
  • ISO 27001 certification audit scheduled August 2026

Data Protection & Privacy

Customer data is processed as a Processor under GDPR, on documented instructions only. We never use customer data to train AI models.

  • EU data residency on Microsoft Azure
  • DPA available for every customer, with disclosed sub-processors
  • Data minimisation and retention aligned to purpose

Encryption

Industry-standard cryptography protects customer data in transit and at rest across the platform.

  • TLS 1.2+ for all customer and internal traffic
  • AES-256 encryption for data at rest
  • Managed key rotation and modern cryptographic protocols

Access Control & Identity

Access is granted on a least-privilege basis, with centralised identity management and regular access reviews.

  • Multi-factor authentication enforced for all staff and admin access
  • Centralised identity via Microsoft Entra ID
  • Role-based access control with periodic access reviews

Application & Platform Security

Security is built into our development lifecycle, and our cloud infrastructure is designed for resilience.

  • Continuous SAST, dependency, IaC and secrets scanning via Aikido
  • Critical and high vulnerabilities remediated before release
  • Encrypted, monitored backups on redundant EU Azure infrastructure

Monitoring & Incident Response

We continuously monitor our environment and follow a documented incident response process if something goes wrong.

  • Continuous monitoring of code and cloud with Aikido and Azure-native alerting
  • Documented incident response process with severity-based triage
  • Customer notification per contract and DPA in the event of a breach

Documentation & resources

For deeper detail, we make our security and privacy documentation available on request. The pack includes our ISMS overview, sub-processor list, Aikido audit report, and pre-filled answers to standard security questionnaires.