Information security

The confidentiality, integrity and availability of information are vital to your business operations and to our own success. PRé Sustainability B.V., the developer of SimaPro, is ISO/IEC 27001:2013 certified under certificate number ISC 123 for designing, building, and supporting a web-based platform for life cycle assessment and sustainability performance. Every year, we revise and improve our processes to comply with the requirements of this international standard. In short, you can trust that PRé complies with the highest standards regarding information security.

What is ISO 27001?

ISO 27001 is the international standard for information security. The standard was originally published in 2005, revised in 2013, and again most recently in 2022. ISO 27001 describes the requirements for setting up, implementing, maintaining, and continuously improving an Information Security Management System (ISMS). As per ISO 27001, the main goal of an ISMS is to protect three aspects of information:

  • Confidentiality: Only authorized persons have the right to access information.
  • Integrity: Only authorized persons can change the information.
  • Availability: The information must be accessible to authorized persons whenever it is needed.

 

What does our certification mean in practice?

At PRé, we are committed to keeping your information secure. We have implemented processes to ensure that we maintain a constant focus on information security. Our dedicated process owners for ISO 27001 controls, our IT & Security Project Manager, and our management team work together to ensure that every aspect of information security is covered.

To help you feel confident that your information is safe with us, we ensure that everyone in our team is trained in information security and privacy, including GDPR. We conduct annual internal and external audits and perform relevant background checks for personnel handling sensitive information.

In addition to our standard procedures, we have a crisis team that developed a formal Business Continuity Plan, an Incident Response Plan, and a Change Management Process. We periodically test our tools to ensure data availability, integrity, and confidentiality, so you can be assured that your information is safe with us.

Frequently asked questions

If you have any other questions or concerns about information security at PRé, please get in touch.

What cloud platform is used and where are the servers located?

The SimaPro platform is hosted by MS Azure. Application and databases are hosted off-site, in Western Europe, and backups are created daily.

In addition to the ISO 27001 certification, how else does PRé test the SimaPro platform?

To ensure the security of our online platform, we perform penetration tests, dynamic application security testing, and static code analysis.

Does PRé have controls in place to ensure that data is not transferred outside of the EU?

PRé/SimaPro does not transfer data outside the EU. We treat all personal data in compliance with the General Data Protection Regulation (GDPR).