Compliance

Compliance, i.e. adherence to the rules of a company, is of great importance for you as a customer. You can check how we adhere to the goals we have set and, more importantly, to the requirements of authorities and institutions.

Under Our certificates you will find all certifications of TeamDrive Systems GmbH and its partners, which were carried out by independent auditors.

Under Support services for your certificates you will find information on how TeamDrive can support you in fulfilling your certificate requirements.

Our certificates

Today, you can hardly avoid using cloud services when collaborating with partners or employees outside the company – at least if the effort is to be low, the solution cost-effective and available for use quickly.

The most important thing in these business processes is and remains the security and protection of your data!

Since our founding in 2008, our goal has been to develop software that uses state-of-the-art encryption technologies and a sophisticated network architecture to ensure the confidentiality of all data and to give only authorized persons access to the data.

That’s why, with TeamDrive, you can use your services with peace of mind and meet data protection requirements. We only offer solutions and services in the area of secure data exchange and confidential cloud use.

We are regularly audited, tested and certified by independent experts. Our solution meets the highest security standards, so that even professionals bound by confidentiality, such as notaries and doctors, can exchange or archive sensitive data via our system.

Take a look at our certifications for yourself.

The EuroPriSe seal of quality

The results of our work can be found in the TeamDrive system and especially in the TeamDrive Professional application. In order to independently document this result, we commissioned accredited experts from EuroPriSe GmbH to carry out an audit of the TeamDrive solution.

TeamDrive is currently being audited again by EuroPriSe Cert GmbH for the consistent and successful implementation of all aspects of data protection and data security, with the aim of obtaining GDPR certification for our TeamDrive Professional solution (version 5) for a further two years.

EuroPriSe is the only EU-wide, independent data protection certification body for IT products and IT-based services. The seal of quality enables IT companies to demonstrate compliance with current data protection regulations.

The quality seal’s audits for compliance with current data protection regulations continue to test all features of the zero-knowledge platform and the complete end-to-end encryption.

Zero-knowledge platform means that service providers, such as TeamDrive Systems, have no knowledge of the data content that is stored on the respective servers.

Furthermore, this also expressly confirms the commitment to keepers of professional secrecy.

Certification history

Since TeamDrive Professional came onto the market, we have continually had our solution certified. We carried out the initial certifications with the Schleswig-Holstein State Center for Data Protection.

However, due to a changed legal situation, the Schleswig-Holstein State Center for Data Protection discontinued its certification for the Schleswig-Holstein data protection seal of quality, and the audit procedure in its previous form, as of May 25, 2018.

We have been carrying out the certifications with the company EuroPriSe since 2020.

Short report from 2020

Data quality and certificates of the TeamDrive Cloud

An important aspect of the GDPR is the country in which the cloud servers storing the data are physically located. TeamDrive Systems GmbH relies only on servers at German locations.

This has the advantage for you that no third countries or their higher authorities and institutions potentially have access to your data. Only you have the decryption key for the end-to-end encrypted data.

The TeamDrive cloud is located on IONOS servers in Frankfurt. As with all of our partners, at IONOS we ensure strict compliance with data protection regulations. The data centers of IONOS GmbH meet the highest security requirements and are certified according to ISO 27001.

Certificate according to ISO/IEC 27001:2013 (PDF)

Support services for your certificates

Many organizations have formed or merged in the market to issue certification requirements for their specific areas. In many cases, these requirements have now become established as standards.

Nowadays, these standards are often based on electronic data processing or electronic data transmission.

Here we use a few examples to show you how TeamDrive can provide support in certain aspects of secure data transfer. This means that if you or your company need to meet these certification standards, you are on the safe side with TeamDrive.

The German GOBD

GOBD is the abbreviation for: Principles for the proper management and storage of books, records and documents in electronic form. The focus here is on “in electronic form”, as storing documents in paper form is usually common practice.

The GOBD regulates what needs to be taken into account so that electronic documents are recognized by the tax authorities for tax purposes.

The GOBD specifies which measures must be adhered to when dealing with electronic documents, but not which documents must be kept. This results from other legal regulations, such as the Commercial Code or tax laws.

GOBD measures when dealing with electronic documents

According to the GOBD, the following requirements must be observed when keeping books in electronic or paper form:

  • Principles of Truth, Clarity and Continuous Recordkeeping
  • Completeness, individual recording obligation, accuracy, timely bookings and records
  • Order and immutability
  • Principle of traceability and verifiability

Compliance with the first two points is the responsibility of the entrepreneur. TeamDrive can support you in complying with the last two points, because all electronic documents stored with TeamDrive are saved in unchangeable form. In addition, traceability and verifiability are always ensured through a so-called audit trail.

Health Care – HIPAA

The term HIPAA stands for Health Insurance Portability and Accountability Act and is a US law that was passed in 1996. HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and monitored by the Office for Civil Rights (OCR).

HIPAA is composed of individual federal regulatory standards and governs the lawful use and disclosure of protected health information of individuals in the United States. This applies to all organizations, business partners and subcontractors that have access to private health information in the United States.

As part of HIPAA, among other things, technical protective measures for network and transmission security come into play, which ensure that personal patient information in particular is protected from unauthorized access. These protective measures primarily concern data storage in a private cloud.

This is where TeamDrive comes in and can provide you with the best possible support with highly secure data encryption and the zero-knowledge principle.

Do you have requirements specifically in the HIPAA environment or for data security in the healthcare sector in general? Please feel free to contact us at any time.

Hospital Future Fund – your TeamDrive consulting expertise

The EU has provided up to 4.3 billion euros for the modernization of hospitals. These funds can be accessed as part of the Hospital Future Fund (KHZF) and are primarily used to modernize emergency capacities and improve digital infrastructure, e.g. patient portals, electronic documentation of care and treatment services, digital medication management, IT security measures and cross-sector telemedical network structures.

TeamDrive can provide you with certified support, especially in the areas of electronic documentation, IT security and network structures. Please feel free to talk to us about the areas in which we can provide you with in-depth advice.

TISAX

TISAX® stands for Trusted Information Security Assessment Exchange. If you wanted to translate the term, it means something like “trusted exchange of information security assessments and the associated information”.

Real-time exchange with partners is particularly important in the automotive industry, which is why TISAX has been established as a security standard. It is intended to serve as a uniform, industry-specific testing model for information security for suppliers, OEMs and partners along the automotive supply chain.

TeamDrive helps you with your TISAX certification in the context of information security. All data that you encrypt via TeamDrive meets the TISAX requirements when dealing with information with high and very high protection requirements.

ITAR

ITAR is a US set of rules and stands for International Traffic in Arms Regulations – translated roughly: “Regulations of the international arms trade”. The regulations govern the sale and distribution of defense and space-related items and services according to the United States Munitions List (USML).

In addition to the actual military equipment, ITAR also subjects production documents, so-called “technical data,” to corresponding regulations.

Since it is a US regulatory framework, ITAR restricts access to defense and military technologies exclusively to US citizens. This can still be regulated quite well in the classic trade in physical weapons. The problem arises when it comes to “technical data”, which is often stored and exchanged electronically and could therefore reach a group of addressees other than just US citizens.

Accordingly, the US government requires the establishment and implementation of a documented ITAR compliance program, which must include tracking, monitoring and testing of technical data.

This is where TeamDrive comes into play in the area of electronic data. All data you encrypt via TeamDrive meets ITAR requirements and ensures separation between US citizens and others. In addition, the traceability of the data is logged in TeamDrive.

CCPA

The CCPA stands for California Consumer Privacy Act. It was specifically developed by the State of California and is intended to improve the protection of personal information of consumers in California. It is irrelevant where the companies that process this data are based.

This shows that the USA has no uniform data protection law that applies across all federal states, comparable to the GDPR in Europe.

The CCPA applies to every for-profit business in the world under certain conditions:

  • Sells or processes more than 50,000 personal data, or
  • Achieves annual sales of more than $25 million, or
  • Generates more than 50 percent of its annual revenue from the sale of California residents’ personal information

The CCPA also applies the opt-out or consent principle (e.g. for the transfer of data). Rights of those affected must be taken into account, such as the right to information, deletion, equal treatment and the right to data portability. In addition, as in the GDPR, the marketplace principle applies here: it is not important where the service-providing company is located, but rather whether it provides services to Californians.

This is where TeamDrive can support you, because with TeamDrive data is protected so that it cannot be accessed by third parties.