Start /
Information for users of 2Secures whistleblowing system
Read the information about the our new IT-partners and give your approval at the bottom of this page
Who are the new subcontractors?
The new subcontractors are Swedish companies with extensive experience in developing safe and secure IT systems with encrypted information sharing. They have clients with very high regulatory requirements operating in banking and finance sector as well as businesses handling patient data.
The technical platform has been developed by Sweet Systems in close collaboration with Synkzone. Synkzone offers a security model with robust encryption and a unique key management system integrated into Sweet Systems’ platform. All sensitive information is stored in Synkzone. 2Secure owns the encryption key and only specifically designated case officers at 2Secure have access.
This upgraded version of 2Whistle will be maintained and monitored by 2Secure’s established partner, IT-Total Sweden AB. All data will continue to be stored on servers in Sweden, owned by a Swedish company. The service level remains unchanged, and vulnerability scans and penetration tests of the platform will be performed continuously.
These IT-partners meet 2Secure’s high-security requirements, and DPA:s has been established.
For inquiries, please contact wb@2secure.se.
New IT-partners of 2Whistle
Synkzone AB (556760-3583)
Synkzone offers its clients secure storage and file sharing in the clients own private cloud, separated from others with a strong cryptological solution. They currently have ten employees in two offices, six at the development office in Gothenburg and four at the sales office in Stockholm. All employees have undergone background checks and management systems are set up in accordance with ISO 27000 standards.
The companies Glesys and Safespring are used as storage partners. Both companies are Swedish with a high security culture and ISO 27001 certifications.
For 2Whistle, Synkzone contributes with a storage and file sharing service to facilitate and streamline the case management process. They never have access to any confidential information. Thanks to cryptographic separation between the zones, all data is logically separated between the zones. For extra security, multi-layer encryption is also used, which means that the communication is also encrypted between different devices.
Will Synkzone process personal data?
The only personal data visible to Synkzone is the contact information of the members of your whistleblowing committee, as well as others you authorize to access case information. All other information in the system is encrypted with keys owned by 2Secure. No personal data will be processed in a way that entails a third country transfer. A DPA has been established between 2Secure and Synkzone.
Describe access management and traceability.
2Secure has full control over the access management of the administrative hierarchy, which is based on need to know, not nice to know. In addition, good traceability is offered in zone logs.
Has there been any security testing of Synkzone?
2Secure’s internal security department has reviewed the company. The company and its working methods meet 2Secure’s high security standards and requirements.
Sweet Systems AB (556703-0860)
Sweet Systems provides software to support their clients’ sales processes, case management and marketing. The company develops, sells, and implements all services in-house. Turnover is approximately SEK 60 million and the company is based in Stockholm, Sweden, where all 50 employees are located. Customers are mainly in Sweden, but also in the EU. All employees have undergone background checks.
For 2Whistle, Sweet Systems has built a system for anonymous reporting and case management. Sweet Systems is supporting the system and never has access to any confidential information. The company does not use any subcontractors that are relevant to 2Whistle.
Will Sweet Systems process personal data?
The only personal data visible to Sweet Systems is the contact information of the members of your whistleblowing committee, as well as others you authorize to access case information. No personal data will be processed in a way that entails a third country transfer. A DPA has been established between 2Secure and Sweet Systems.
Describe access management and traceability.
Access management in Sweet Systems can be controlled on an individual and/or group level. This controls which entities and features a user has access to. Each post is logged with read by, updated by, and time.
Have there been security tests of Sweet Systems?
2Secure’s internal security department has reviewed the company. The company and its working methods meet 2Secure’s high security standards and requirements.
IT-Total Sweden AB
IT-Total provides a wide range of IT and data services and is 2Secure’s IT operations partner. They have 110 employees, based in Stockholm and a turnover of approximately SEK 320 million. All employees have undergone security clearance.
For 2Whistle, IT-Total provides a private cloud service, which includes server and database operations and never has access to any confidential information. IT-Total uses Aura as a subcontractor, which is included as a sub-processor in the DPA agreement with 2Secure. IT-Total is an NIS supplier and certified according to ISO 27001:2013.
Will the subcontractor process personal data?
All information in the system is encrypted with keys owned by 2secure. No personal data will be processed in a way that entails a third country transfer. IT-Total follows the standard that is set together with 2Secure. Services such as antivirus, logging, and firewall advanced are applied to 2Whistle.
Describe access management and traceability.
All access to the underlying infrastructure is managed, logged, and controlled by IT-Total via central ITSM, according to authorized administrators at 2Secure. Access to the system itself are managed by 2Secure.
Has security testing been carried out by IT-Total?
2Secure’s internal security department has reviewed the company. The company and its working methods meet 2Secure’s high security standards and requirements.
Fill out the form to approve the suppliers
For inquiries, please contact wb@2secure.se.