Information Security
Information Security at LeanMind
LeanMind GmbH maintains an Information Security Management System (ISMS) in accordance with the ISO 27001 standard.
Scope of Application
The ISMS at LeanMind GmbH covers the development, operation, maintenance, sales, and distribution of software solutions, as well as consulting services in the field of Governance, Risk & Compliance (GRC).
Information Security Objectives
Our ISMS supports LeanMind GmbH in protecting both its internal information assets and infrastructure, and the data entrusted to us by customers through our SaaS platform, LENO. Management is committed to providing the necessary personnel and financial resources to establish, maintain, and continuously improve the ISMS.
The core aim of our information security efforts is to uphold the confidentiality, integrity, and availability of information assets:
- Confidentiality ensures that information is disclosed or made available only to authorized individuals, organizations, or processes (ISO 27000, 3.10)
- Integrity ensures the accuracy and completeness of information (ISO 27000, 3.36)
- Availability ensures that authorized users have access to information when they need it (ISO 27000, 3.7)
These principles are critical to LeanMind as the provider of the cloud-based compliance solution LENO:
- Our customers use LENO to manage contractual relationships with their suppliers. These contracts typically contain confidential and sometimes personal data, which must be protected in accordance with applicable laws.
- LeanMind’s customers operate in regulated industries and are subject to supervisory authorities in their respective regions. They must be confident that their data in LENO is stored accurately and completely, and is protected against unauthorized changes, compromise, or loss during maintenance or due to flawed access control.
- Customers also expect a high level of availability from platforms like LENO. This is essential for enabling efficient business processes and ensuring continuous audit readiness.
To support this, LeanMind has translated its overarching security goals into measurable targets and defined KPIs that are regularly monitored and reviewed.
Measures to Ensure Information Security
The measures we take to safeguard information are detailed in our internal Statement of Applicability (SoA). This document is not shared externally. All controls from Annex A of ISO 27001 are implemented without exclusion.
Classification of Information
At LeanMind, information is classified according to a three-tier model to ensure a consistent and responsible approach to handling information, both within the organization and externally. Each classification defines how information should be processed, stored, and, where necessary, shared.
"Public"
Information that is freely accessible and may be shared without restriction.
"Internal"
Information intended for internal use. It is handled with care and may only be shared externally under clearly defined conditions.
"Confidential"
Sensitive information requiring special protection. It is subject to defined handling rules and may only be shared in a controlled and clearly labeled manner.
This classification model ensures transparency and consistency, even when information is shared externally.
Management Commitment
LeanMind GmbH’s management is committed to integrating information security into all business decisions. It provides sufficient personnel and financial resources to implement and maintain the ISMS and ensures that it delivers the intended results.
Together with other leaders, management leads by example, prioritizing information security and data protection in their daily work. They continuously advocate for data protection and information security across the organization.
That said, information security is a shared responsibility. Its success depends on the engagement of every employee. Accordingly, all staff are expected to:
- Comply with relevant policies and support peers in doing so
- Report information security events and incidents
- Share insights on emerging threats with the information security team
- Propose improvements and contribute to their implementation
Consequences and Disciplinary Process
Implementing and maintaining an ISMS is a continuous learning process. Mistakes can happen and may lead to security incidents. We trust that all LeanMind employees strive to avoid such errors in good faith. Nonetheless, all incidents must be reported immediately. They are addressed promptly and used as learning opportunities. In cases where incidents result from intentional or grossly negligent behavior, or from ignoring policies, we will take appropriate disciplinary action in accordance with labor law.
Last Updated: May 27, 2025