Security

Raet’s entire package of services provides the safest possible service by taking responsibility for protecting your systems and data. The approach we take is recorded in the Raet Information Security Policy. Our information security policy was drawn up in accordance with international standard ISO27001.

Youforce and protection

Youforce gives you the option of tailoring many security measures to your own security policy:

  • Unique user names, enabling relevant activities in Youforce to be traced back directly to a specific person.
  • Restriction on the number of failed login attempts.
  • Extensive password configuration.
  • Possibilities for multi-factor authentication.
  • Passwords are always stored encrypted.

When developing and managing our software we always use best practices, such as:

ISO27001/ISO27002: the ISO standard for information security systems.

COBIT: Control Objectives for Information and Related Technology is a framework for the structured design and assessment of IT control environments.

Documentation from the Dutch National Cyber Security Centre: ICT security guidelines for web applications.

OWASP top 10: The ten main security risks for web applications compiled by the Open Web Application Security Project (OWASP).

Microsoft SDL and the CWE/SANS Top 25: Microsoft’s list of the 25 most dangerous programming errors and vulnerabilities encountered in software development.

Access to Youforce

You can only access your data by entering a valid user name and password. At your request, we can also support multi-factor authentication. An SSL/TLS encrypted connection is used to protect your data during transport. 

After logging on, you obtain access to the Youforce functionality for which you have been authorized. This means that different rights may be assigned to managers, employees, HR staff or administrators.

As an additional security measure, financial and medical transactions, and transactions by professional users, are only allowed after logging on with an electronic user certificate (2-factor authentication).

Security monitoring 

The safety of your data is monitored 24/7. We work with specialists in the market to ensure this and we rely on our intrusion detection systems.

In order to be able to retrospectively trace what has happened to your information, we ensure that:

  • access to systems, system usage and system errors are recorded. We always log the user name, date and time for all events as well as the actual event. These log details can only be accessed for forensic research.
  • logged data is stored for 90 days.
  • logging has been set up such that logged data cannot be removed or changed.
  • any changes to Youforce’s systems and components (incl. firewalls, routers, network switches) are also logged.

Managing security incidents

We ensure strict compliance with our security measures. Any deviations from these measures are detected, studied and classified. We record any infringements of security measures and additional security measures are introduced on the basis of incidents and their records.

Certification and testing

The quality, safety and privacy of our software and services are demonstrated by different audits and certifications.

ISO27001 and ISO9001 certificates

Raet has acquired certification for its Information Security Management System (ISMS) and quality management system in accordance with the international ISO27001 and ISO9001 standards for “Developing, delivering, implementing products and SaaS service provision for e-HRM, Payroll and Outgoing Cash Flows processing, HR and Payroll Accounting and BPO Services”.

ISAE3402 type II report

Raet has an ISAE3402 type II assurance report from an independent auditor for “The operation of Raet control measures regarding HR, Payroll, Pension Payments and BPO Services”. This report is available to our customers, subject to a confidentiality statement.

Penetration test

We test the Youforce infrastructure and software for vulnerabilities at least once a year and whenever any major functional or technical changes have been made. In addition to our own tests, we have tests conducted by a qualified external organization. Their findings are then classified and resolved. Furthermore, we conduct an internal penetration test for every new release, based on a test approach that is reviewed on a monthly basis.
