Security & Compliance

This page provides an overview of how we safeguard your valuable information through robust security measures and compliance practices, ensuring your peace of mind so you can concentrate on your projects.

With over 20 years of expertise as a SaaS provider, we recognize the importance of protecting our customers’ data and uphold the highest standards. We are dedicated to security, confidentiality, and strict adherence to industry standards.

ISO/IEC 27001:2022 Certification

Our organization is certified to the ISO/IEC 27001:2022 international standard for information security, covering the full development, hosting, and support of the Relatics software within a robust Information Security Management System (ISMS). This ISMS framework ensures that your data remains securely protected at all times.

Secure data centers

Relatics uses two data centers owned by TrueFullstaq, one of the leading data center providers in the Netherlands. Both data centers are located in the Netherlands. The systems and storage dedicated to Relatics are securely isolated from those of other TrueFullstaq clients. TrueFullstaq’s data centers are highly reliable and certified for both quality and information security, meeting at minimum ISO 9001 and ISO 27001 standards. Both data centers adhere to strict Dutch and European regulations governing logical and physical access security, as well as operational continuity.

Security assessments

Relatics engages independent cyber security experts annually to assess its software and underlying architecture. These assessments simulate real-world cyber attacks to test detection, prevention, and response capabilities, helping to identify vulnerabilities and reinforce security.

With certified, external specialists, we gain an objective evaluation of the software and infrastructure. After each assessment, we review findings, address any issues, and implement necessary improvements to ensure a secure environment for your data.

Consensus Assessment Initiative Questionnaire

At Relatics, we prioritize transparency in information security. To simplify the assessment process and answer your security questions, we’ve completed the Consensus Assessment Initiative Questionnaire (CAIQ) by the Cloud Security Alliance (CSA).

The CAIQ is a globally recognized, industry-standard questionnaire covering key cloud security areas like data protection, risk management, access control, and incident response. By using the CAIQ, we provide a clear, consistent view of our security practices, demonstrating our commitment to protecting your data.

Using the CAIQ helps us ensure that our responses are aligned with industry best practices. This means that the CAIQ covers the majority, if not all, of the critical security concerns you may have. Our responses have been carefully completed to give you a clear understanding of our security practices, our approach to risk management, and our commitment to safeguarding your data.

High-tech infrastructure

Your data and documents are stored in a private cloud within a data center in the Netherlands, ensuring high performance and security. The centers are protected against unauthorized access, fire, and more, with entry secured by fingerprint scan and personal access card.

Data center continuity

All essential architectural components within the data center, such as connections, power supply, climate devices and monitoring systems, are provided redundantly. In addition, a smart architecture makes it possible for Microsoft Azure to take over the activities of the data center in the event of serious calamities.

Hard- & software continuity

Where possible, critical hardware and software components, such as hard drives, switches, and firewalls, are provided with redundancy. This ensures that, in the event of a malfunction, functionality can swiftly be restored by a backup component, minimizing the risk of downtime and data loss.

Disaster Recovery

Disaster Recovery is a set of strategies and processes aimed at restoring normal operations after a disruptive event, such as a hardware failure, cyber attack, or natural disaster.

Recovery Point Objective

The Recovery Point Objective (RPO) defines the maximum acceptable data loss in a given timeframe. RPO is based on the interval between two backups and the potential data loss within that period.

Our RPO standards are as follows:

  • 5 minutes for hardware (server) failure within a data center
  • 1 day for complete outage of a data center

Recovery Time Objective

The Recovery Time Objective (RTO) is the target time within which the Relatics Environment is restored after a failure, in order to prevent unacceptable business impact.

Our RTO standards are:

  • 15 minutes for hardware (server) failure within a data center
  • Up to 2 days for complete outage of a data center

We periodically test our recovery procedures to ensure preparedness for potential disasters and to meet the specified RPO and RTO.

Solid backup model

Regular backups ensure your data is secure and protected in case of emergencies. All your project data is backed up daily, retained for a minimum of one week, and securely stored in a separate, geographically distinct data center. Additionally, you can download a backup copy of each project (workspace) anytime.

Data encryption

Data in transit between your computer and Relatics is encrypted and sent over HTTPS. Any files that you upload to Relatics are encrypted at rest. Our databases are not encrypted at rest, but they are subject to the same protection and monitoring as the rest of our systems. Our database backups are encrypted.

Firewalls and malware protection

Our servers are equipped with advanced security systems to minimize the risk of third-party attacks, including viruses and malware. These systems are automatically updated to detect and block new threats immediately. Additionally, we actively monitor and safeguard against DDoS attacks to ensure continuous protection.

Two-Factor Authentication

The standard login procedure of Relatics can be easily enhanced with Two-Factor Authentication (TFA). With TFA enabled, a user provides not only their username and password (first factor) but also an additional authentication code for extra security (second factor). This code is generated through an authenticator app, such as Google Authenticator or Microsoft Authenticator.

Single Sign-On (SSO)

Single Sign-On improves ease of use by removing the need for multiple credentials and enhances security. When an employee leaves, access to all connected applications, including Relatics, can be instantly revoked by deactivating their single account—reducing the risk of overlooked accounts and securing your organization’s data.

GDPR Compliance

At Relatics, we prioritize your data privacy and fully comply with the General Data Protection Regulation (GDPR). We have implemented robust processes to safeguard personal data, ensuring that it’s securely managed and only accessible by authorized personnel. Our approach includes a clear data processing agreement as part of our general terms and conditions, regular audits, and a commitment to transparency in data handling. From secure data encryption to privacy-by-design principles, we take every measure to protect your data rights and ensure compliance with the highest standards of data protection.

Additional assurance

Should you require additional assurance, we offer the option for you to conduct your own penetration testing on our software, or we can review and respond to custom security questionnaires.

Please note that these services are available at an hourly rate. We believe that the standard information provided here will fulfill your security requirements, streamlining the process and minimizing additional costs while giving you confidence in our commitment to safeguarding your data.

Please reach out to us by filling in the form if you want to discuss these options or would like to receive the documents mentioned on this page.
