Security is not something that only the security officer deals with. It is an integral part of Dutchview, the company behind FlexWhere. That is why all our employees, wherever in the world, sign for confidentiality (NDA). We also check their background. In the Netherlands, we do this by requiring a Certificate of Good Conduct (VOG).
Of course, not all employees can access customer data. We keep track of who does have access and why exactly. This concerns a server administrator or our support staff. This is how we keep phishing and social engineering attempts at bay. That data remains the customer’s. With us, no back doors or fine print about transferring ownership of data.
In order for FlexWhere to work properly, we do need user data. We create a link between the organization and our software via ActiveDirectory. This is of course done via a secure connection. We use https with a certificate from Let’s Encrypt Authority X3 .
We do not store the collected data longer than is strictly necessary. We only process statistics in our daily backups. We do not include data that can be traced back to persons.
When choosing where we run our servers, we looked at the location, among other things. We wanted to keep the equipment in Europe for security reasons. That’s why we’ve contracted with AWS and use their data centers in Germany and Ireland. AWS is certified for ISO 90001, ISO 27001, ISO 27017 and ISO 27018.
These certifications ensure that important topics such as management standards, data security, cloud security and the Information Security Management System are properly arranged. Uptime is also guaranteed at AWS.
Safe use of your own laptop or smartphone
No matter how well security is arranged on the server side, this must also be in order for the user. Exploits, viruses, ransomware, Trojan horses and malware are everywhere. Our apps therefore only run on secure mobile phones and tablets. The FlexWhere app will not work without a code or fingerprint. By the way, our app does not require any permissions.
Access to the web environment is only possible via a whitelist based on ip-number. The app is accessible from anywhere, but with 2-factor authentication. This is how we ensure that Bring-Your-Own-Device (BYOD) policy is not a problem for FlexWhere. And that without endangering security.
Regular penetration testing
Security policies can be so good, they are worthless if they are not field tested. That is why our security officer regularly conducts penetration tests. It searches for vulnerabilities and ensures that the defenses of all systems are up-to-date.
A new challenge is to keep security at the highest level when sensors, cameras or other devices are used. The Internet of Things (IoT) poses unique questions when it comes to the security of devices and connections. FlexWhere works fine without these gadgets, but a lot is possible on request. We do not only look at the functionality of this new technology, but always also at potential vulnerabilities.
It may be clear, security and security are of crucial importance to us. Of course there is always room for improvement. We are therefore happy to discuss your requirements and tell you more about our approach and measures.
Call us on +44 (0)20 3960 8896 for more information or request a free no-obligation demonstration .