Security Statement LTP
We are LTP Advies B.V. and TestNed B.V. (together, LTP). LTP is the oldest HR consultancy bureau in the Netherlands and advises various companies with a variety of issues. Our core services consist of assessments for selection and professional development of (new) employees, personal development, performing legally required safety inspections, team/organisational development and the application of HR-related analyses (the Services). In these analyses, analytics techniques are applied to candidate- and employee-related data to detect and predict patterns in all aspects of employee recruitment and management (People Analytics). Safety inspections are carried out under the name TestNed for companies that are legally obliged to inspect personnel with safety-related functions, such as railway personnel (Safety Inspections).
For more information about our Services, please see ltp.nl (the Website).
At LTP, securing your personal data is important to us. We understand the importance of trust, which is why we’ve taken adequate security measures to protect your personal and business information. This Security Statement aims to provide an explanation on which measures we have taken and how we constantly improve these.
1. Security and ISO27001
LTP is compliant to the ISO 27001 standard, which means that we follow a systematic, all-encompassing approach to security and constantly monitor and improve the measures we have taken.
In order to constantly improve our information security, we follow a so-called Plan-Do-Check-Act (PDCA) cycle. This PDCA cycle is constantly managed and monitored in a so-called Information Security Management System (ISMS). The combination of a PDCA cycle and ISMS ensures that LTP prepares (Plan), implements (Do), checks (Check) and adjusts (Act) security measures in a controlled manner. Within LTP, there is a Risk & Quality Committee that is committed to this process and has the necessary skills and know-how to go through this PDCA cycle properly.
2. Security and risks
In order to set information security priorities correctly, risk analyses are carried out within LTP. This makes it clear which risks and threats, both concrete and geopolitical are most relevant to LTP and which measures must be prioritised.
After risks have been identified, we determine how these risks might be best mitigated. This results in concrete actions which are registered, carried out and monitored in our ISMS.
3. Measures to protect your information
We take as many security measures as possible, both technical and organizational, to protect all our data against unauthorized access, loss, alteration or destruction. The most important of these are:
- We use strong encryption for all data traffic. All data traffic is encrypted with strong Transport Layer Security (TLS) protocols and data is stored encrypted at all times. This way sensitive information that is intercepted/obtained cannot be deciphered and read;
- Employees and customers can only access sensitive information via strong authentication. This means only authorized individuals can access sensitive data through strong passwords and multi-factor authentication. In addition, tight account and rights management enforces that only the right people can view candidate data and assessment reports;
- To keep our own employees sharp and considerate when handling sensitive information, we focus on security awareness. Within LTP, clear rules of conduct have been drawn up for dealing with sensitive information and awareness sessions are regularly held to discuss current topics and threats. This way we minimize the risk that sensitive data will unknowingly fall into the wrong hands or that data will be handled carelessly;
- We have a thorough backup process to always have all our data, both from customers and LTP itself, available in the event of n incident. Additionally, we regularly test whether restoring a backup, the so-called restore procedure, works properly;
- Our assessment platform is developed and managed according to the security by design This means that during the development and testing process, technical security measures are implemented from the start to keep the platform as secure as possible and to avoid vulnerabilities as much as possible;
- We adhere very strictly to the privacy legislation of the GDPR. We look closely at how personal data is secured in both our own systems and those of suppliers. We also pay very close attention to data breaches. We report these timely within LTP, with clients and, if necessary, to the Dutch Data Protection Authority. For more information, please refer to our Privacy Statement.
4. Security and auditing
In addition to implementing measures, it is important to check whether these measures work accordingly. For this reason, we regularly carry out audits and tests. At least two audits are carried out annually to determine whether LTP still meets the ISO27001 requirements and to identify opportunities for improvement. The findings from these audits are recorded in our ISMS and included in our PDCA cycle so we can proactively implement and monitor improvements to our information security.
Complementary to conducting audits, security tests and checks are regularly carried out. For example, a periodic check of access rights ensures that only authorized individuals have access to important systems. Suppliers are also questioned and checked for security agreements to keep the risks within the supply chain as small as possible.
A penetration test or configuration assessment is regularly carried out on our assessment platform and Microsoft environment to detect vulnerabilities and resolve them as quickly and effectively as possible. Also, phishing simulations and mystery guest investigations make employees more alert to suspicious e-mails and physical activity in the office.
5. Changes to this Security Statement
We are constantly looking for ways to improve our Website and Services. We may therefore update our Security Statement from time to time. If we make significant changes to the Security Statement, we will notify those affected.
6. Contact details LTP Advies B.V. and TestNed B.V.
De entree 99-197
18th and 19th floor
1101 HE Amsterdam
+31 (0)20 3050400
info@ltp.nl
ltp.nl
KvK number: 34139534
VAT number: NL8102.84.881.B.01
