The protection of your data is crucial to us and embedded in everything we do. And as all information is hosted at Microsoft we adhere to the most rigorous security standards.
Our security philosophy
At Human Risks we know that keeping our customers’ data and privacy is essential, and we have taken all possible measures to prevent unauthorized access to our systems – both in the cloud and on-premises.
We use strong generated passwords and two-factor authentication to all our online accounts and all access to our production environment is limited to a select number of IP-addresses.
Secure hosting environment
Our entire platform is hosted on Microsoft Azure, one of the world’s most secure cloud providers. Microsoft Azure leads the industry with comprehensive compliance coverage, including ISO 27001:2013, 27017:2014, 27018:2014, 20000-1:2011, 22301:2012 and 9001:2015. Microsoft Azure also maintains the highest possible CSA STAR certification.
More information about Microsoft Azure’s compliance offerings can be found here:
All connections to the Human Risks web-platform and our API are encrypted using AES 256, and we use real-time encryption and decryption on all of our databases, associated backups and transaction logs. Our production database access is limited to our other Azure services and on-premise IP-address. In case of an emergency, we have the ability to add another IP-address to the database firewall. In such cases, the IP-address will be removed immediately after the emergency is resolved.
All of our cryptographic keys are stored in the Azure Key Vault.
reliability and recovery
Our platform is built with scalability, automation and separation of concern in mind. We always notify the customer in advance when we have planned updates to the platform or our databases.
All of our databases are protected by automatic backups. Full backups are taken every week, differential backups every day, and log backups every 5 minutes. Our databases are situated in the Netherlands with an off-site replica in Ireland. In the event of an emergency, we have the ability to perform a point-in-time restore, which allows us to restore the database to any given point in time, up to the millisecond, within our retention period (14 days). As a last resort, we can utilize our off-site backups to recover our database in case of a regional outage.
We have enabled auditing on all of our databases with unlimited retention.