RiskChallenger software security

RiskChallenger's various security measures

At RiskChallenger, we do everything in our power to ensure that your data is handled and stored securely. To be as transparent as possible, this page gives an overview of the security and other measures we take.

Data storage

Our software runs on European servers of Google Cloud Platform. The databases have a 7-day point-in-time recovery. In addition, daily backups are kept for the past month and monthly backups for up to a year. The backups are stored in multiple locations. All data communication within RiskChallenger takes place via HTTPS with at least TLS 1.2.

Login and access

It is possible to log in to RiskChallenger with a username and password. As an extra security measure, you can opt for two-factor authentication. Here you can find out how to set this up. Another way to log in is to connect to your organization's Active Directory. More information about this can be found here.

New user accounts and environments at RiskChallenger can be created by RiskChallenger employees or organization administrators. An organization administrator has access to the environments at the organization level, can create users and can grant access to environments. However, an organization administrator cannot view and edit all projects directly, unless the organization administrator also has rights to those projects.

ISO-27001

Our policy is based on the ISO-27001 standard. We follow its so-called “best practices” to keep our security in the best possible order. We have a general information security policy, including documents on the following topics:

  • CIA-based asset policy
  • Policy for managing our source code
  • Protocol for dealing with and recording incidents
  • Security code of conduct for all staff
  • Responsibilities of server administrators and policy for naming administrators

At RiskChallenger, a very select group of developers has rights to the servers and databases. We call these people server administrators. Each server administrator signs a specific NDA, and we ask for a VOG (certificate of conduct) to be provided before the rights are granted. The use of these rights is also monitored and audited.

Want to know more?

Do you have any questions about the security of your data? Fill in the contact form, send us an email or use the chat. We'd love to answer your question!

Multi-factor authentication

Secure your RiskChallenger account

Multi-factor authentication increases the security of your RiskChallenger account. Accounts that have multi-factor authentication enabled require an extra step when logging in, which reduces the chance of unauthorized persons gaining access to the account and data. On this page, you will find the step-by-step plan to activate multi-factor authentication.

Authenticator App

To use multi-factor authentication, use an app on your smartphone. If you don't have an app installed for this yet, you can use one of the applications below. Then follow the respective authenticator app's guide to add a new account.

Configuration

1. To configure multi-factor authentication, go to https://account.riskchallenger.nl on your computer and log in with your RiskChallenger account.

2. Multi-factor authentication can be found under the heading “Security”. Here, you can see if it's already enabled and make changes to the settings. Click the “Configure” button to configure multi-factor authentication.

3. A pop-up with a QR code now opens. Scan it with the multi-factor authentication app on your smartphone. Once the QR code has been scanned successfully, the app shows the email address you used to sign in to RiskChallenger and a six-digit code. This six-digit code is your token. On your computer, enter this code below the QR code you just scanned.

4. Click “Save” to set up multi-factor authentication.

5. When multi-factor authentication is successfully set up, you'll see a list of recovery codes. Keep these recovery codes in a safe place. If you don't have access to your authenticator app, you can use these recovery codes to still access your RiskChallenger account. The recovery codes are shown only once and are each valid once.

Use

If your account has multi-factor authentication enabled, you'll need to enter a six-digit code when you sign in. This code is requested after you enter your password. If you don't have access to your authenticator app, you can use one of the saved recovery codes. If you also don't have access to your recovery codes, you can contact us to restore your account. On our contact page, select the “Software Problem” option.

Microsoft login

Sign in with your Microsoft account

Logging in with your Microsoft account increases the security of your RiskChallenger account. With this feature you do not have to remember an extra password and can log in securely via Microsoft's systems.

Configuration

To set up sign-in via your Microsoft account, go to https://account.riskchallenger.nl on your computer or laptop and log in with your RiskChallenger account.

Under the “Security” heading, you'll see a button labeled “Connect Microsoft Account”. Click it to begin the configuration. You will then be redirected to Microsoft to log in there as well. Depending on your Microsoft account settings, you may see another screen where you need to confirm the link. If the configuration is successful, you will be redirected back to the RiskChallenger app. Here, under the heading “Security”, you will find “Microsoft” as the login method. Your Microsoft account is then linked.

Use

If you have enabled sign-in with your Microsoft account, you can continue to use RiskChallenger in the same way. While logging in to RiskChallenger, you will now be redirected to Microsoft and can log in via your account there. If you are already logged in to Microsoft, you will not notice this and you will be logged in to your RiskChallenger account immediately after entering your email address in RiskChallenger.