Security You Can Count On
End-to-End Security
Security takes on several dimensions. Riskonnect and our platform provider protect customer data by providing end-to-end security. This includes password policies, security roles, encryption, and audit logs. Password policies can be defined to fit client standards, including timeouts, length, and password strength.
Total Access Control
Security roles for access are a staple of our system. Riskonnect offers the control needed to prevent unauthorized access to any part of your RMIS, down to the field level. User access to the system is determined by the assigned security profile, which is managed by your System Administrator(s) or by Riskonnect. Profiles dictate the level of access an individual can have to the system, including objects, reports, page layouts and views, and specific fields.
Riskonnect supports 256-bit TLS certificates and 2047-bit RSA public keys at a minimum. All data exchanges are encrypted via SFTP with PGP. Data encryption at rest using AES 256 is available. Field-level encryption is available using key splitting, which separates the keying material between the application server and the database.
- Customized password policies that match your organization’s policies
- Access may be restricted to your network
- Tightly controlled perimeter firewalls
- Intrusion detection systems
- Proactive log monitoring
- Top-tier data center facilities
- Biometric access screening
- Escort controlled access
- Armed guards
- HTTPS certificates signed with the SHA-256 hash algorithm
- Symantec-issued certificates
- All passwords encrypted
- Highly secure session key management
- Application self-monitors for security violations
- Access to data may be limited by type of user and part of organization
- Granular security may limit access to type of data, fields, reports, screens and functionality as required
Third Party Validation Services
Riskonnect, Inc. passed the SOC 2 Type 2 audit in June 2016. It completed SSAE 16 Type 2 & ISAE 3402 Examination of its technology applications and related services in January 2015. The examination was performed by an independent audit firm. Completion of the SSAE 16 Type 2 & ISAE 3402 Examination indicates that selected Riskonnect processes, procedures and controls have been formally evaluated and tested. The company completed the SSAE 16 Type I Examination in June 2011 and is committed to maintaining its certifications annually.
This provides end-to-end third-party attestation for our platform and everything we do for our clients, and is supplementary to the best-in-class assurance report available from our platform. Riskonnect also provides complete documentation of its related assurance reports, giving full transparency to our prospects and clients.
Additional Security & Certifications
In addition to third-party platform certifications of its platform provider, Riskonnect provides third-party assurance of its risk technology applications and related services. The SSAE 16 Type 2 & ISAE 3402 Examination (which replaced SAS70 as of June 2011) attests that Riskonnect has established control objectives covering the following areas: physical and environmental security; computer operations, including backups and incident handling; information security; application change control; data communications; business intelligence; and receipt, input, output and processing of data.
These examinations confirm that our security meets the latest industry standards. Riskonnect’s technical operations are truly best in class in the risk management market.
Independent audits confirm that Force.com security goes far beyond what most companies have been able to achieve on their own. Using the latest firewall protection, intrusion-detection systems, and SSL encryption, Force.com gives you the peace of mind only a world-class security infrastructure can provide.