Skip to the main content.

Time tracking
Build your perfect data foundation for spotless invoicing and deep business insights with easy time tracking.

Project management
Be a world champion project manager. Keep your projects on track - and profitable.

Resource management
Efficiently staff projects and run a predictable business with confidence.

Insights & Reporting
Get smarter - faster - to make clever decisions for long-term growth impact.

Project accounting & Invoicing
Invoice everything - fast and accurate - while staying on top of project finances.

Staff & Salary
Give accountants and HR an intelligent tool to eliminate draining administration.

Financial Systems
TimeLog offers standard integrations for all your favourite financial systems. Save time and reduce manual tasks.

Payroll Solutions
TimeLog offers standard integrations for multiple payroll solutions. Get easy salary administration and only enter payroll information once.

Add-ons
Track time automatically via Outlook, use gamification or find another add-on that can support your business.

Multiple Legal Entities
You can create synergy between your departments and across borders and offices with the Multiple Legal Entities module from TimeLog. 

Business Intelligence
Utilise the insights you get from TimeLog to the fullest. Our system is ready to integrate with multiple BI solutions.

Partner Integrations
TimeLog PSA is part of a large ecosystem. Get an overview of all the partner integrations in the TimeLog family.

Economy department
Save 1-2 days a month on your invoicing process.

Project teams
From planning to execution and evaluation. Robust tools for every project manager.

Management teams
Create a performance-driven culture with solid reporting capabilities.

Large enterprises
Enhance operations and performance across entities, countries and departments.

NGOs and non-profit organisations
Simplify internal processes, spend less time on administration, and get documentation in place - at a discounted rate.

Blog
Get inspired to run an even better business with articles, guides and analyses.

Guides, podcasts and webinars
Get access to templates, guides and webinars that help and inspire you.

Help Center
Looking for help material and user guides to the TimeLog system? Look no further. Find all the help you need now.

Try 30 days free

Get a single source of truth
Discover how companies maintain a single source of truth across borders, departments, and currencies.

Get integrated
Discover the advantages customers gain from utilising our integrations and API. 

Reporting in real-time
Explore how others leverage reporting to optimise their processes and make informed decisions.

Get started with resource planning
Discover how other companies thoroughly grasp their resources and enhance their ability to predict future trends.

Improved project financials
This is how the efficient financial toolbox from TimeLog helps project managers and CFOs improve their project financials.

Faster invoicing
Discover how other companies have slashed the time spent on invoicing by 75% - and uncover how you can achieve the same efficiency.

The Story of TimeLog
Get insights on TimeLog and how we can help you grow and evolve your business.

Employees
See who shows up every day to deliver the best PSA solution.

Career
What's life like at TimeLog? Are we hiring? Get the answer here.

Partner
Create even more value for your customers, as well as ours, as a TimeLog Partner.

Premium Service
Online Help Center, tailored onboarding and support from Day 1.

Corporate Social Responsibility
We work to ensure a positive impact on planet, people and businesses.

Security and GDPR
Learn more about how we work to keep your data safe and provide maximum security.

4 min read

10 questions about GDPR and IT security you supplier must answer

In 2018, the EU introduced GDPR (“General Data Protection Regulation”), and ever since, IT security has been a top priority for all companies.

10 questions about GDPR and IT security you supplier must answer

You’re responsible for the security together with your suppliers

Most companies now realise that it’s not enough for themselves to master data policies, systems and security procedures. You also need to make certain that your partners and suppliers have their own standards, policies and procedures in place for their IT security.
Sascha Skydsgaard CRO, TimeLog
Sascha Skydsgaard
CRO, TimeLog

Most of your data are processed externally

Most companies have data that are processed externally. It might be outsourcing salary management bookkeeping or certain apps or programs accessed through the cloud. This means that data are processed in one way or the other. And with this, as always, when you work with data, there’s a risk of a data breach. And no matter if a breach or accident happens for you or the supplier, you’re responsible for the security.

That's why more and more companies now choose to have their work with GDPR and IT security reviewed and documented by independent auditors.

 

Three reasons to select a supplier with ISAE declarations

  1. You get an independent auditor’s approval of your supplier’s GDPR compliance and general IT security level

  2. The supplier’s processes are documented in detail in reports that are publicly available 

  3. You save time because you don’t need to control a supplier’s processes. It offers security, and you know the real status of your supplier’s work related to GDPR and IT security

Learn more about keeping your data safe with ISAE 3000 and ISAE 3402

 

 

The benefit of choosing a supplier with ISAE declarations is that you get data processing and security documentation, and independent auditors control the documentation. It offers security, and you save time.

But no matter if you select a supplier with ISAE declarations or not, you must never down-prioritise IT security.

But which questions must you ask to ensure your supplier is GDPR compliant?

We’ve gathered the essential questions for you so you can make sure your supplier is GDPR-compliant and has safety procedures and IT systems.

Ten things you need to ask your supplier to assess their security level

1. How do you document that you process sensitive personal data correctly?

Employee data, customer data, etc., are typically processed by you and your suppliers. But your company is responsible for the correct processing of data. Therefore, you must ask your supplier for documentation to prove they’re GDPR compliant.

2. Which control targets do you have in place?

Make sure to ask which control targets your supplier has in place regarding data security and IT infrastructure. A control target could, e.g. be a process for managing GDPR incidents or adequate knowledge about which systems manage which data, especially personal data.

A significant part of ISAE 3402 is to set up several documented control targets controlled by a specialised auditor.

3. When did you last assess your IT compliance?

Ask your supplier how often they revise, validate and update their IT policy and security. Companies often purchase new programs, IT tools or apps, which must be reflected in the processes and documentation. 

Unlike the ISO 2700X certifications, ISAE 3402 and ISAE 3000 control is performed annually. An ISO 2700X certification doesn’t need renewal but shows that the conditions were met at the time of the certification. So, if your supplier has an ISO certification, ask when it was done.

You might think that IT security is cumbersome or expensive. And demands are high. But if you worry about the costs of being compliant, imagine what it might cost you if you’re not and the chips are down.
Sascha Skydsgaard
CRO, TimeLog

4. Do you revise processes, procedures, and physical and logistical security?

How often do you visit your supplier? Maybe they’re placed entirely or partially in a different country? An ISAE 3402 declaration includes a physical audit of the security.

5. What is your procedure for processing sensitive personal data?

Before you implement a new system in your company, you need to know the entire process for how your supplier processes your, your customers’ or your employees’ data. In Europe, all companies are governed by the same rules related to GDPR. You need to be aware of the documentation of how the company lives up to these rules.

6. What is your procedure in case of a security breach?

Ask how the supplier manages a security breach. And note if they have a standardised and documented process.

If someone without permission accesses your data, your supplier must inform you. With an ISAE 3000 declaration, you’re guaranteed this will happen. The reason is that companies who obtain an ISAE declaration set up revised procedures regularly.

7. Which data do you process?

You probably have an idea about which data your supplier should process. But make sure your supplier can document the data they process. Also if your supplier used sub-suppliers or partners.

With an ISAE 3000 declaration, you can see an exact overview of which data are processed. And then you don’t need to investigate it yourself.

8. Which risks have you covered concerning the processing of my data?

It’s always good to be prepared. So before you cooperate with a new supplier, you need to ask for a thorough description of the risk they have listed related to their data processing.

With ISAE 3402, you are sure that processes and procedures related to data are controlled and approved by an independent specialist.

9. How do you ensure the collaboration between your IT security and GDPR obligations?

Many companies are relatively good at describing how they comply with the GDPR rules. But it’s as essential that the IT security, e.g. systems, infrastructure and processes, work with your GDPR measures and that the IT security is as well-documented as the GDPR policy.

Without IT security, GDPR measures have no value. If you want to be safe, look for a supplier with an ISAE 3000 and an ISAE 3402 declaration.

10. How do you document that the IT security in your company matures and improves constantly?

You’d like to know that you have a supplier where security is not just a buzzword but an integrated part of the organisation. A demand as part of ISAE 3402 is internal education related to IT security, data processing, etc. Ask your supplier what they do to ensure employees think about IT security and GDPR as part of their daily work routines.

TimeLog and ISAE 3000 and ISAE 3402

At TimeLog, as a service provider, we must ensure our customers don’t take any extra risks by giving us the responsibility for parts of their business and data. Therefore, we’re committed to working with a certified auditor to obtain the ISAE 3000 GDPR and ISAE 3402 declarations as a continuous, yearly target in compliance and information security work.

This is how we protect your data and keep high-security protocols. 

 

Share the ten questions with your supplier.

Finally, we’ve collected the ten questions here so you can easily copy them and send them to new or existing suppliers to ensure you receive satisfactory answers to support your GDPR compliance.

  1. How do you document that you process sensitive personal data correctly?
  2. Which control targets do you have in place?
  3. When did you last assess your IT compliance?
  4. Do you revise both processes and procedures and physical and logistical security?
  5. What is your procedure for processing sensitive personal data?
  6. What is your procedure in case of a security breach?
  7. Which data do you process?
  8. Which risks have you covered in connection to the processing of my data?
  9. How do you ensure the collaboration between your IT security and GDPR obligations?
  10. How do you document that the IT security in your company matures and improves constantly?

 

Worried about GDPR?

 
New call-to-action 
4 reasons to select a supplier with an ISAE 3000 GDPR declaration

4 reasons to select a supplier with an ISAE 3000 GDPR declaration

1 min read

Your data are (also) handled externally. Get the 10 questions that let's you assess the security level at your new supplier. Quick and hassle-free.

Download now
Navigating the Data Dilemma: Challenges and Opportunities in Business

Navigating the Data Dilemma: Challenges and Opportunities in Business

8 min read

Your data are (also) handled externally. Get the 10 questions that let's you assess the security level at your new supplier. Quick and hassle-free.

Download now
The invoicing process is the consultancy’s lifeblood

The invoicing process is the consultancy’s lifeblood

12 min read

Your data are (also) handled externally. Get the 10 questions that let's you assess the security level at your new supplier. Quick and hassle-free.

Download now
Plan your success with the new IT system

Plan your success with the new IT system

11 min read

Your data are (also) handled externally. Get the 10 questions that let's you assess the security level at your new supplier. Quick and hassle-free.

Download now
[Guide] How to avoid buying unnecessary software for your company

[Guide] How to avoid buying unnecessary software for your company

14 min read

Your data are (also) handled externally. Get the 10 questions that let's you assess the security level at your new supplier. Quick and hassle-free.

Download now
The science-backed elements to accelerate business growth

The science-backed elements to accelerate business growth

5 min read

Your data are (also) handled externally. Get the 10 questions that let's you assess the security level at your new supplier. Quick and hassle-free.

Download now
How customer feedback helps your company grow

How customer feedback helps your company grow

8 min read

Your data are (also) handled externally. Get the 10 questions that let's you assess the security level at your new supplier. Quick and hassle-free.

Download now
How to nudge your employees to track time

How to nudge your employees to track time

11 min read

Your data are (also) handled externally. Get the 10 questions that let's you assess the security level at your new supplier. Quick and hassle-free.

Download now
Improve your PSO through client relationships

Improve your PSO through client relationships

5 min read

Your data are (also) handled externally. Get the 10 questions that let's you assess the security level at your new supplier. Quick and hassle-free.

Download now