It is the policy of Level 29 Ltd, who trade under the name Gleanin, to maintain an information management system designed to meet the requirements of ISO 27001 in pursuit of its primary objective: to create, maintain and deliver the Gleanin Social Referral Marketing Platform.
Our information security objectives are to:
• Exceed all data protection requirements and continue to deliver the Gleanin services within a secure environment.
• Continuously improve through annual risk assessments, regular monitoring and audits to ensure that risk to information in the care of Gleanin is minimised or eliminated.
• Maintain ISO 27001 certification, which requires external audits every year.
• Commit to annual external vulnerability assessment and web application penetration testing.
• Provide formal information security education to all employees twice a year.
• Make available an information security pack to interested parties.
Our business management system provides a framework for setting, monitoring, reviewing and achieving our objectives.
To ensure the company maintains its awareness of continuous improvement, the business management system is regularly reviewed by the leadership team to ensure it remains appropriate and suitable to our business. The business management system is subject to both internal and external annual audits.
Scope of the Policy
The scope of this policy relates to the use and development of database and computer systems operated by the company in pursuit of the company’s business of providing the Gleanin Social Referral Marketing Platform (https://gleanin.com) to the events industry. Gleanin is a trading name of Level 29 Ltd. It also relates, where appropriate, to external risk sources, including functions which are outsourced.
Tamar Beck, CEO
Frequently Asked Questions
Gleanin is certified to ISO 27001. We are certified by The British Assessment Bureau and are subject to annual external assessments to maintain the certification. Our latest certificate can be downloaded here.
As we store personally identifiable information (“PII”), we are legally obliged to comply with the General Data Protection Regulation. In data processing language we are a data processor and the event organiser remains the data controller.
We don’t store any attendee data. Event organisers can upload speaker data (name, title, company name and optionally email address) to the platform.
All data, logs and backups containing PII are stored in Ireland, in the Amazon Web Services (AWS) eu-west-1 region.
We don’t use any third-party processor of personal data other than Amazon Web Services (AWS).
Data is encrypted with TLS while in transit. Data at rest is encrypted using AES-256.
Gleanin commits to undertaking third-party Vulnerability Assessments and Web Application Penetration Testing on an annual basis. The most recent Vulnerability Assessment was conducted in October 2022 and the Web Application Penetration Testing in January 2022.
We have a business continuity plan in place and our system is designed for both application and database servers to work across Amazon availability zones.