Information security

As a Nordic rooted company, we grew up with democratic equality values. The protection of privacy is one of those values. Everyone has the right to protection of personal data concerning him or her.
We are thorough with our information security, and we are all set to meet the GDPR.


When you hand your data over to us, we guarantee to treat it with focus on:

Confidentiality – only the right persons get access to your data and results
Integrity – your data and results are correct
Availability – your results are available, whenever you need them
We go above and beyond to secure that nothing happens to your data in our care, and that your security representatives feel completely safe.

We have an ISAE 3000 / SOC 2 audit without remarks and we have since 2012 been among the few Danish companies, who are ISO 27001 certified.

ISAE 3000 / SOC 2

Deloitte has performed an audit by the ISAE 3000 and SOC 2 standards. After a thorough evaluation, they have not put a single remark in the report. Our security is reviewed annually.

ISO 27001 certificate

The highest possible security certification. Many companies follow the standard, but only few companies are certified. We have held our certification since 2012 proving our consistent high security level.

This means we have proof for our high data security level. But it also means that we have put – and every day put – an extraordinary effort into maintaining the full control.


Firstly, it is important, that our customers feel safe handing over their data to us. We are usually dealing with confidential data. It is crucial that our clients can focus on their business not worrying how we handle their data.

This is why we always make a data processor agreement. We precisely define, how we process data, and what we do with it afterwards. Ennova never lets third parties process survey data without an explicit agreement.

Secondly, the technological landscape constantly changes. New threats appear, and cyber criminals keep coming up with new ways to get access.

For this reason we keep updated and monitor or systems. This way we detect irregular activity in time to take action in due time. We are ready not only for every imaginable scenario. We also have procedures to spot the unimaginable.

Thirdly, it is important to be compliant and to make sure that our clients are so too. Legally, we are the data processor and the client is the data controller. Among other thing the coming General Data Protection Regulation (GDPR) demands that the data processor instruct the data controller to a larger extent.

We are fully ready for the regulation, and we are solidly equipped to instruct you.

Our audits and certificates prove our security level. We have asked external parties to scrutinize us to expose potential security breaches. And as mentioned above they did not find a single remark.


Subscribe to our newsletter and be among the first to get the news.