Level of security
- Integrato employees are bound by contract to secrecy of all particulars concerning or related to Integrato and Integrato’s clients.
- Integrato employees are prohibited, both during the employment contract and after its termination, in any way whatsoever to make any statements to third parties, directly or indirectly, in any form and in any sense whatsoever, of or regarding anything during the performance of their duties has come to their knowledge in connection with matters and interests of Integrato and of companies affiliated with Integrato.
- This confidentiality also includes all data of clients or principals of Integrato that employees have become aware of by virtue of their position.
- Violation of this prohibition is subject to a penalty clause and may give rise to a report of the crime being committed.
- Violation of the prohibition during the employment contract will be an urgent reason for Integrato to dismiss the employee with immediate effect.
- Upon termination of employment, Integrato will forbid and deny the employee concerned access to all data concerning or related to Integrato and clients or clients of Integrato. The retirement process is guaranteed in a work instruction. Integrato management monitors and monitors this process. The “four eyes principle” is used for this purpose: At least a second employee / manager watches over the denial and deprivation of access to the data.
- Procedures and technical solutions ensure adequate data security. The Integrato server is housed with hosting company Hostnet, which in turn uses spaces from EU Networks and Equinix in Amsterdam. Both data centers have various certifications. For example, Equinix has PCI-DSS, SOC 2 Type 2, ISO 27001, ISO 50001, SSAE-16 Type 1, ISO 22301, ISO 90001, ISO 14001, SOC 1 Type 2.
Communication between apps and servers
The connection between the apps and the server is done through a TLS 1.2 connection and is secured through JWT Token authentication.
The backend is developed in the PHP Laravel framework, is provided with updates, and has a Role-Based-Access-Control (RBAC) system, in which access to certain resources can be specified per role.
Adequacy of information security
The data for the (managed) servers is safeguarded by constantly monitoring and guarding it with many protocols. External attacks are responded to with various security procedures. Which procedure is followed depends on the type of attack. For certification, see System of Standards above.