Hypoport Group Code of Conduct
The Management Board of Hypoport SE is committed to maintaining high standards of lawful and ethical behaviour within the holding company and in all other Hypoport Group companies (collectively: ‘Hypoport’). This Code of Conduct (‘CoC’) sets out Hypoport’s expectations in this regard and is intended to inform the way we behave towards one another and towards our customers, business partners and other third parties. The Code of Conduct brings together in one document the most important basic rules and principles that are binding upon us, both now and in the future. It provides guidance and applies equally to every single member of the Hypoport family – to Management Board members and directors, to senior managers and to every individual employee. It sets out the standards we expect from ourselves, and at the same time enshrines our promise to those outside the Company that we will act responsibly towards business partners and the general public, and also in our dealings with one another within the Company. We share responsibility for our Company’s reputation. The misconduct of any individual person can cause immense harm to all of us. However, it is clear that it is not possible to regulate behaviour through guidelines alone. If you are uncertain in any given situation, think about what you are intending to do and ask yourself the following questions:
- Legality test: Am I sure that I am acting within the law and in compliance with the Company’s rules?
- Publicity test: Could I stand by my decision if it were to become public?
- Reversibility test: Would I still think this was a good decision even if I were the one adversely affected by it?
Here you can find the latest Constitution of Hypoport SE (German only).
ISAE 3402 Type II
International Standard on Assurance Engagements (ISAE) 3402 ‘Assurance Reports on Controls at a Service Organization’ deals with assurance engagements undertaken by a professional auditor in practice to provide a report that is likely to be relevant to user entities’ internal control as it relates to financial reporting. Both management of the service organization as well as an independent auditor make an assertion about the degree of control. The controls detailed in the ISAE3402 Type II framework aim to ensure Hypoport operates according to its own defined business processes and guidelines when it comes to developing, testing, releasing, maintaining and hosting software solutions to its customers. The processes in scope are:
- Access Management process.
- Change Management process.
- Continuity Management process.
- Incident Management process.
- Vendor Management process.
- Security Management process.
- Hosting management process.
Subservice organisations: ISO 27001 : 2017 / SOC 1 Type II
Most relevant subservice organizations for Hypoport are:
- Quaere: acts as the ICT partner for maintenance of the ICT environment (PC’s, servers, back-up facilities);
- Microsoft Azure: acts as cloud provider for Hypoport’s ‘PRoMMiSe As A Service’ solution and the LoanByLoan platform. The ‘PRoMMiSe As A Service’ solution can be facilitated for customers directly and/or used for the BPO activities.
We have service level agreements in place with these companies, detailing the level of service we agreed on, as well as the timeframe(s) in which we expect those services to be delivered, should we require them. These SLA’s serve as our controls when dealing with these subservice companies. Specific for Microsoft Azure we rely on the SOC 1 Type II report and follow up if needed. Quaere is certified ISO 27001 : 2017 on information security related to supplying and maintaining of workplaces, servers and networks. Delivering of Cloud Services, Server hosting, Website hosting, Internet connections, VoIP and support for customers through their service desk.
Hypoport SE Non-Financial report / ESG reports
For information about the treatment of employees, environmental matters, combatting corruption, social responsibility and humans rights please refer the Hypoport Non-Financial Report 2020
Please contact us directly for product demonstrations
and discuss ways to improve your operations