Security is not something the security officer should tackle alone. It is the cornerstone of Dutchview, the company behind FlexWhere. That’s why all our employees, wherever they are in the world, sign a non-disclosure agreement (NDA) and we thoroughly vet their background. In the Netherlands, we do this by requiring a government-issued Certificate of Good Conduct.
Of course, not all employees are allowed to access customer data. We keep track of who has access and why. This may concern a server administrator or our support staff. In this way, we keep phishing and social engineering attempts at bay. Customers always remain in possession of their data. We do not use back doors or small print to transfer the ownership of said data.
In order for FlexWhere to work properly, we do need some user data. We create a link between your organisation and our software via ActiveDirectory. It goes without saying that this is done via a secure connection. We use https with a certificate from Let’s Encrypt Authority X3
We do not store the retrieved data for longer than is strictly necessary and we only process anonymised statistics in our daily backups. We do not collect data that can be traced back to individuals.
When choosing where to run our servers, we carefully consider the location and how they are secured. It was important for us to keep all hardware within the EU for security reasons. That’s why we signed a contract with AWS to use their data centres in Germany and Ireland. AWS is certified for ISO 90001, ISO 27001, ISO 27017 and ISO 27018.
These certifications ensure that important issues such as management standards, data security, cloud security and the Information Security Management System are well regulated. AWS also guarantees uptime.
Safe use of your own laptop or smartphone
No matter how well security is arranged on the server side, users must also have their data well protected. Exploits, viruses, ransomware, trojans and malware lurk everywhere. There is a big task for the user. To help, the FlexWhere app does not does require any authorisations to run.
Devices are whitelisted based on IP numbers and your initial login is only possible on the organisation’s Wi-Fi network. Login information is sent via email with a token. This ensures that a Bring Your Own Device (BYOD) policy is not a problem for FlexWhere. Convenience without compromising security.
Regular penetration tests
A security policy may be as good as it comes, but it isn’t worth a penny if it isn’t tested in real-world situations. That’s why our security officer conducts regular penetration tests. He probes for vulnerabilities and ensures that all the systems’ defence measures are up to scratch.
A new challenge is keeping security at the highest levels when sensors, cameras or other devices are used. The Internet of Things (IoT) raises unique issues concerning the security of devices and connections. FlexWhere works great without these gadgets, but many extras are available on request. We not only look at the functionality of this new technology, but also at its potential vulnerabilities.
Of course, we can always do better, but it should be clear that security is of critical importance to us. We would be happy to discuss your requirements and tell you more about our approach and measures.
Call us on for more information or request a free demonstration.