RiskChallenger software security
RiskChallenger's various security measures
At RiskChallenger, we do everything in our power to ensure that your data is handled and stored securely. To be as transparent as possible, this page gives an overview of, among other things, the security and other measures we take.
Data storage
Our software runs on European servers on Google Cloud Platform. The databases have 7-day point-in-time recovery. In addition, daily backups are kept for the past month and monthly backups for up to a year. The backups are stored in multiple locations. All data communication within RiskChallenger takes place via HTTPS with at least TLS v1.2.
Login and access
It is possible to log in to RiskChallenger with a username and password. As an extra security measure, you can opt for two-factor authentication. Here you can find out how to set this up. Another way to log in is to connect to your organization's Active Directory. More information about this can be found here.
New user accounts and environments at RiskChallenger can be created by RiskChallenger employees or organization administrators. An organization administrator has access to the environments at the organization level, can create users and can grant access to environments. However, an organization administrator cannot view and edit all projects directly, unless the organization administrator also has rights to those projects.
ISO-27001
Our policy is based on the ISO-27001 standard. We follow its so-called “best practices” to keep our security in the best possible order. We have a general information security policy, including documents for the following topics:
- CIA-based asset policy
- Policy for managing our source code
- Protocol for dealing with and recording incidents
- Security code of conduct for all staff
- Responsibilities of server administrators and policy for naming administrators
At RiskChallenger, a very select group of developers has rights to the servers and databases. We call these people server administrators. Each server administrator signs a specific NDA, and we ask for a VOG (a Dutch certificate of conduct) to be provided before the rights are granted. The use of these rights is also monitored and audited.
Want to know more?
Do you have any questions about the security of your data? Fill in the contact form, send us an email or use the chat. We'd love to answer your question!
Secure your RiskChallenger account
Multi-factor authentication increases the security of your RiskChallenger account. Accounts that have multi-factor authentication enabled require an extra step when logging in, which reduces the chance of unauthorized persons gaining access to the account and its data. On this page, you will find the step-by-step plan to activate multi-factor authentication.
Authenticator App
To use multi-factor authentication, use an app on your smartphone. If you don't have an app installed for this yet, you can use one of the applications below. Then follow the respective authenticator app's guide to add a new account.
Configuration
To configure multi-factor authentication, go to https://account.riskchallenger.nl on your computer and log in with your RiskChallenger account.
Multi-factor authentication can be found under the heading “Security”. Here, you can see if it's already enabled and make changes to the settings. Click the “Configure” button to configure multi-factor authentication.
A pop-up with a QR code now opens. Scan it with the multi-factor authentication app on your smartphone. Once the QR code has been scanned successfully, the app shows the email address you used to sign in to RiskChallenger and a six-digit code. This six-digit code is your token. On your computer, enter this code below the QR code you just scanned.
Click “Save” to set up multi-factor authentication.
When multi-factor authentication is successfully set up, you'll see a list of recovery codes. Keep these recovery codes in a safe place. If you don't have access to your authenticator app, you can use these recovery codes to still access your RiskChallenger account. The recovery codes are shown only once, and each code can be used only once.
Use
If your account has multi-factor authentication enabled, you'll need to enter a six-digit code when you sign in. This code is requested after you enter your password. If you don't have access to your authenticator app, you can use one of the saved recovery codes. If you also don't have access to your recovery codes, you can contact us to restore your account. On our contact page, select the “Software Problem” option.
Sign in with your Microsoft account
Logging in with your Microsoft account increases the security of your RiskChallenger account. This functionality ensures that you do not have to remember an extra password, but that you can log in securely via Microsoft's systems.
Configuration
To set up sign-in via your Microsoft account, go to https://account.riskchallenger.nl on your computer or laptop and log in with your RiskChallenger account.
Under the “Security” heading, you'll see a button labelled “Connect Microsoft Account”. Click it to begin the configuration. You will then be redirected to Microsoft to log in there as well. Depending on your Microsoft account settings, you may see another screen where you need to confirm the link. If the configuration is successful, you will be redirected back to the RiskChallenger app. Here, under the heading “Security”, you will find “Microsoft” as the login method. Your Microsoft account is then linked.
Use
If you have enabled your account to sign in with your Microsoft account, you can continue to use RiskChallenger in the same way. While logging into RiskChallenger, you will now be redirected to Microsoft and can log in via your account there. If you are already logged into Microsoft, you will not notice this and you will be logged into your RiskChallenger account immediately after entering your email address in RiskChallenger.