At CYS, security is top of mind in our daily activities. In this article you can read about the organisational security measures that we have incorporated. CYS uses the international standard for information security (ISO27001) for reference on all information security subjects.
Information security policy
There is an implemented information security policy which is updated periodically.
Logical access security and 2FA
Access rights are granted in accordance with an authorization matrix based on function profile. This means that employees only have access to systems and data that are necessary for carrying out their work. For user accounts with additional security requirements Two Factor Authentication is applied.
All employees must present a Certificate of Conduct upon commencement of employment.
Confidentiality agreements are concluded with all employees and suppliers, including sanction policies on violations.
A processor agreement is concluded with both clients and suppliers in which written agreements are made about data security.
Strong password policies
The use of strong passwords is enforced, with passwords having a limited validity. Reset of user passwords is done by means of email verification.
Personal user accounts
User accounts are only allowed on a personal level. Shared accounts or accounts on group level are not permitted.
The development, test and production environments are strictly separated. No production data is used for testing purposes. Development tests take place in a separate environment where no customer data is available. The user tests are carried out in a separate test environment that is set to the same security requirements and access rights as is the production environment.
Checks on security measures
Audits are performed to test, assess, evaluate and improve the established security measures.
If you have additional questions on how we keep your data safe, feel free to contact us through firstname.lastname@example.org and we will provide you with the information you need!