The TriFact365 information security policy is based on the fact that all information clients add or generate via TriFact365 is optimally protected.
The following concepts are central:
- Availability: Is the data available at the desired time?
- Integrity: Is the data correct?
- Confidentiality: Do only authorized persons have access to the data?
Prevention and detection
TriFact365 follows a ‘defense in depth’ strategy. This means that several layers of protection apply. Should one of the layers fail, the next layer will still offer protection. This applies to ensure the availability, integrity and confidentiality of the service.
TriFact365 uses the following components.
- Servers en datacentra: At TriFact365 we use the secure data centers and services from Amazon, Google and Microsoft. All processes of Microsoft are certified via SAS-70 and ISO declarations. In terms of availability, these vendors guarantee at least 99.9% uptime for the servers that we use.
- Document processing: For the processing of documents we use Amazon, Google, IBM and Microsoft. These suppliers declare the GDPR, Privacy Shield and EU Clauses applicable. In terms of availability, these vendors guarantee at least 99.9% uptime for the services that we use.
- Back-up: A copy is automatically made of our database continuously. The data is stored in Western and Northern Europe. We are using the data centers of Amazon, Google and Microsoft.
- Monitoring 24×7: In addition, TriFact365 continually monitors the availability of our web services. Problems our users experience are in most cases immediately noticed by our experts and picked up.
- Secured webservices: The TriFact365 webservices are secured with SSL certificates that control the authenticity of users. The data that is sent between you and TriFact365 is encrypted and secured via this SSL (https) connection.
- Security scan: Our webservices are continously monitored for unusual traffic (spam and malware). Ath the same time also the SSL connection is checked. Various anti-virus and anti-malware measures have been implemented.
- Alerts: Based on suspicious log events.
- Patch policy: To roll out security patches very quickly.
- Confidentiality: Our employees are aware of the risks of working with online data. TriFact365 maintains strict separation of functions. All employees have signed a confidentiality agreement.
- Service Level Agreement: The quality of our services is defined in a Service Level Agreement (SLA). The SLA states which levels of service you can expect from TriFact365.
Unauthorized access to data or systems from TriFact365 is not permitted. TriFact365 will report on observation of these activities.