Security & Compliance
This page provides an overview of how we safeguard your valuable information through robust security measures and compliance practices, ensuring your peace of mind so you can concentrate on your projects.
With over 20 years of expertise as a SaaS provider, we recognize the importance of protecting our customers’ data and uphold the highest standards. We are dedicated to security, confidentiality, and strict adherence to industry standards.
ISO/IEC 27001:2022 Certification
Secure data centers
Security assessments
Relatics engages independent cyber security experts annually to assess its software and underlying architecture. These assessments simulate real-world cyber attacks to test detection, prevention, and response capabilities, helping to identify vulnerabilities and reinforce security.
With certified, external specialists, we gain an objective evaluation of the software and infrastructure. After each assessment, we review findings, address any issues, and implement necessary improvements to ensure a secure environment for your data.
Consensus Assessment Initiative Questionnaire
At Relatics, we prioritize transparency in information security. To simplify the assessment process and answer your security questions, we’ve completed the Consensus Assessment Initiative Questionnaire (CAIQ) by the Cloud Security Alliance (CSA).
The CAIQ is a globally recognized, industry-standard questionnaire covering key cloud security areas like data protection, risk management, access control, and incident response. By using the CAIQ, we provide a clear, consistent view of our security practices, demonstrating our commitment to protecting your data.
Using the CAIQ helps us ensure that our responses are aligned with industry best practices. This means that the CAIQ covers the majority, if not all, of the critical security concerns you may have. Our responses have been carefully completed to give you a clear understanding of our security practices, our approach to risk management, and our commitment to safeguarding your data.
High-tech infrastructure
Your data and documents are stored in a private cloud within a data center in the Netherlands, ensuring high performance and security. The centers are protected against unauthorized access, fire, and more, with entry secured by fingerprint scan and personal access card.
Data center continuity
All essential architectural components within the data center, such as connections, power supply, climate devices and monitoring systems, are provided redundantly. In addition, a smart architecture makes it possible for Microsoft Azure to take over the activities of the data center in the event of serious calamities.
Hard- & software continuity
Where possible, critical hardware and software components, such as hard drives, switches, and firewalls, are provided with redundancy. This ensures that, in the event of a malfunction, functionality can swiftly be restored by a backup component, minimizing the risk of downtime and data loss.
Disaster Recovery
Recovery Point Objective
The Recovery Point Objective (RPO) defines the maximum acceptable data loss in a given timeframe. RPO is based on the interval between two backups and the potential data loss within that period.
Our RPO standards are as follows:
- 5 minutes for hardware (server) failure within a data center
- 1 day for a complete outage of a data center
Recovery Time Objective
The Recovery Time Objective (RTO) is the target time to restore the Relatics Environment after a failure to prevent unacceptable business impact.
Our RTO standards are:
- 15 minutes for hardware (server) failure within a data center
- Up to 2 days for a complete outage of a data center
Solid backup model
Regular backups ensure your data is secure and protected in case of emergencies. All your project data is backed up daily, retained for a minimum of one week, and securely stored in a separate, geographically distinct data center. Additionally, you can download a backup copy of each project (workspace) anytime.
Data encryption
Data in transit between your computer and Relatics is encrypted and sent using HTTPS. Any files you upload to Relatics are encrypted at rest. While our databases are not encrypted at rest, they are subject to the same protection and monitoring as the rest of our systems. Our database backups are encrypted.
Firewalls and malware protection
Our servers are equipped with advanced security systems to minimize the risk of third-party attacks, including viruses and malware. These systems are automatically updated to detect and block new threats immediately. Additionally, we actively monitor and safeguard against DDoS attacks to ensure continuous protection.
Two-Factor Authentication
The standard login procedure of Relatics can be easily enhanced with Two-Factor Authentication (TFA). With TFA enabled, a user provides not only their username and password (first factor) but also an additional authentication code for extra security (second factor). This code is generated through an authenticator app, such as Google Authenticator or Microsoft Authenticator.
Single Sign-On (SSO)
Single Sign-On improves ease of use by removing the need for multiple credentials and enhances security. When an employee leaves, access to all connected applications, including Relatics, can be instantly revoked by deactivating their single account—reducing the risk of overlooked accounts and securing your organization’s data.
GDPR Compliance
At Relatics, we prioritize your data privacy and fully comply with the General Data Protection Regulation (GDPR). We have implemented robust processes to safeguard personal data, ensuring that it’s securely managed and only accessible by authorized personnel. Our approach includes a clear data processing agreement as part of our general terms and conditions, regular audits, and a commitment to transparency in data handling. From secure data encryption to privacy-by-design principles, we take every measure to protect your data rights and ensure compliance with the highest standards of data protection.
Additional assurance
Should you require additional assurance, we offer the option for you to conduct your own penetration testing on our software, or we can review and respond to custom security questionnaires.
Please note that these services are available at an hourly rate. We believe that the standard information provided here will fulfill your security requirements, streamlining the process and minimizing additional costs while giving you confidence in our commitment to safeguarding your data.
Please reach out to us by filling in the form if you want to discuss these options or would like to receive the documents mentioned on this page.