How We Protect Your Data

Our Security Policy

At RIFFSEC, safeguarding your data and systems is our top priority. This Security Policy outlines the measures we take to protect information, ensure service continuity, and maintain compliance with applicable regulations.

They Trusted Us

CERT
Raben
DC9
Fundacja Batorego
BFG

Data Protection

We secure customer data at every stage.

All employees undergo regular security training and background checks

All customer data is encrypted at rest using AES-256 and in transit using TLS 1.3

Production and test environments are strictly separated

Data retention is limited to the duration necessary for service delivery; data is deleted automatically when no longer required

Access Control

We limit access strictly to authorized personnel.

Mandatory multi-factor authentication for all administrative accounts

Role-based permissions following the principle of least privilege

Centralized logging of access events with automated anomaly detection

Incident Response

Prepared to detect, contain, and resolve security incidents quickly.

24/7 monitoring of critical systems and data feeds

Documented escalation paths and customer notification processes

Regular incident response drills, including both tabletop and live exercises

Vendor Management

We hold our partners to the same security standards.

Security due diligence before onboarding any third party

NDAs and contractual clauses covering data protection and confidentiality

Restricted and monitored access for vendors to necessary systems only

Business Continuity

Ensuring uninterrupted service even during failures.

Daily encrypted backups stored in geographically separate facilities

Annual disaster recovery tests

Redundant infrastructure and failover mechanisms for critical components

Scope of the Policy

This policy applies to all RIFFSEC employees, contractors, and vendors. It covers all services, infrastructure, and customer data we process, regardless of location.

Standards & Compliance

Our security controls align with industry best practices and support compliance with GDPR, NIS2, and DORA where applicable.

Policy Updates

We review and update this policy at least annually, or after major infrastructure or regulatory changes. Last reviewed: [insert date]

Security Contact

To report a vulnerability or security incident, contact: [email protected]
