Keeping customers’ data secure is our priority. To embrace the highest security standards, we are constantly developing our technical and organisational measures (TOMs), which apply to all service offerings provided by RYDOO (except where Customer is responsible for security and privacy). We are working with independent third-party auditors to make sure that our technical and organisational measures are effective and efficient according to SaaS market best practices (ISO/IEC 27001 and SOC 2).
Entering any Rydoo office requires swiping your valid badge. Confidential information in paper form is stored in closed spaces with access for relevant personnel only. All our data is hosted in data centres with state-of-the-art physical security, meeting a broad set of international and industry-specific compliance standards, such as ISO 27001, FedRAMP, SOC 1, and SOC 2.
In designing the security of the Rydoo App, all three pillars have been taken into consideration: Confidentiality, Integrity and Availability. A Web Application Firewall, multi-tier architecture, data encryption with strong algorithms both at rest and in transit, Extended Detection and Response tools protecting all servers and workstations, a Security Operations Centre team responding immediately to any security events, and regular Penetration Testing are just a few of the many things we do to ensure the highest level of security. And hey, we’re ISO 27001 certified and received a SOC 2 Type II report!
All staff, including administrators and developers, need to authenticate with a secure password and a second factor (MFA) in order to access any systems. Additionally, all administrative accounts (which are separate from primary user accounts) have extended requirements for length and complexity. Access is granted on a ‘least privilege’ and ‘need to know’ basis (for example, only Customer Service can interfere with customer permission or settings, but they don’t have access to commercial-related matters). All employees undergo a clearance procedure and are required to sign a confidentiality agreement regarding Rydoo systems and customer data.
Rydoo is a Cloud solution. All of the data entered into our application is safely stored within the EU at data centres meeting strict security requirements. Backups are taken every 15 minutes (incremental) and daily (full backup). They are also regularly restored for test purposes. As already mentioned, all data is encrypted with strong algorithms.