RiskRater

Our Security Commitment

How we protect your data and ensure the security of our platform.

Security Overview

At Risk Rater, security is a top priority. We understand that you trust us with sensitive information, and we take that responsibility seriously. Our comprehensive security program is designed to protect your data and ensure the integrity of our platform.

Data Encryption

All data is encrypted both in transit and at rest using industry-standard encryption protocols (AES-256).

Secure Infrastructure

Our platform is hosted in ISO 27001 certified data centers with 24/7 monitoring and physical security measures.

Regular Security Audits

We conduct regular security audits and penetration testing to identify and address potential vulnerabilities.

Compliance Documentation

Comprehensive documentation of security measures to support your own compliance requirements.

Access Controls

Role-based access controls, multi-factor authentication, and detailed audit logs of all system activities.

Incident Response

Robust incident response procedures to quickly address and mitigate any security events.

Our Security Practices

Data Protection

We implement multiple layers of security to protect your data:

  • End-to-end encryption for all data transmissions
  • AES-256 encryption for data at rest
  • Regular backup procedures with secure off-site storage
  • Data segregation to ensure client information remains separate
  • Strict data retention policies in line with regulatory requirements

Access Management

We enforce strict access controls to prevent unauthorized access:

  • Multi-factor authentication for all user accounts
  • Role-based access controls following the principle of least privilege
  • Regular access reviews and prompt removal of unnecessary access
  • Secure password policies with complexity requirements
  • Automatic session timeouts and account lockouts after failed attempts

Infrastructure Security

Our infrastructure is designed with security as a foundational element:

  • Hosting in ISO 27001 certified data centers
  • Network segmentation and firewalls to control traffic
  • Regular security patching and vulnerability management
  • Intrusion detection and prevention systems
  • 24/7 monitoring for suspicious activities

Compliance and Certifications

We maintain compliance with relevant standards and regulations:

  • ISO 27001 certification for information security management
  • Regular SOC 2 Type II audits
  • Compliance with the New Zealand Privacy Act 2020
  • Adherence to GDPR principles for data protection
  • Annual security assessments by independent third parties

Security Questions?

If you have specific questions about our security measures or need additional information for your own compliance requirements, please contact our security team at security@riskrater.co.nz.