At RiskChallenger we do everything within our capabilities to ensure that your data is handled and stored securely. To be as transparent as possible, we give you an overview of what we do in terms of security and other measures.
Our software is run on European servers of Google Cloud Platform. The databases have a 7 day point-in-time recovery. In addition, there are daily backups from the past month and monthly backups up to a year ago. The backups are kept in multiple locations. All data communication within RiskChallenger takes place via https with at least TLS v1.2.
It is possible to log in to RiskChallenger with a username and password. For extra security, you can opt for two-factor authentication. Another way to log in is by linking to your organization's Active Directory. New user accounts and environments at RiskChallenger can be created by RiskChallenger employees or by organization administrators. An organization administrator has access to the environments at organizational level, can create users and grant access to environments. However, an organization administrator cannot directly view and edit all projects, unless the organization administrator also has rights to those projects.
Our policy is based on the ISO-27001 standard. We follow the so-called 'best practices' to ensure our safety is in order as best as possible. We have a general information security policy and we have drawn up documents for the following matters:
At RiskChallenger, a very select group of developers have rights to the servers and databases. We call these people server administrators. Each server administrator signs a specific NDA and we ask you to provide a Certificate of Good Conduct before the rights are granted. Monitoring and auditing of the use of these rights also takes place.
Want to know more?
Do you have any questions about the security of your data? Complete the contact form, send us an email or use the chat and we will answer your questions.