Rizikon has been engineered with security as an over-riding priority.
All data held in Rizikon is encrypted using AES-256. All traffic between your browser and the Rizikon servers is encrypted using HTTPS, which provides bidirectional encryption. This means that your information is securely encrypted and cannot be accessed in transit or at rest without the proper security credentials.
These measures are in line with current UK government cyber security recommendations .
Rizikon is hosted on secure servers and is regularly penetration tested
by an independent organisation of ethical hackers. The most recent tests were done in October 2019 and all issues .
The Administration functions of Rizikon are restricted to a very small number
of senior employees and all access is logged. Admin access is also further restricted using other best practise security methods.
Data stored in Rizikon accounts, or profiles, is only accessible via that account - unless the profile is shared with another user. Password resets are not automated, restricting fraud attempts. Multiple factors are required for any manual password resets via the Administrators.
If you are concerned about data privacy in Rizikon Standard, we advise that where possible, you use a pseudonym for your organisation's name for example "Profile ABC" and for other questions involving PII. Rizikon Standard can generate cyber risk reports using anonymised data without affecting the report scoring mechanism.
For Rizikon Assurance users, we advise that you contact ,
to determine the solution that is most appropriate for the assessment you are undertaking.
Encrypted Rizikon data is archived to a separate secure location every 24 hours.
Rizikon Standard users can backup and independently secure copies of their Rizikon profiles, should they wish to.
Crossword have procedures for restoring Rizikon profiles from both archives
and client's own backup files. These procedures take a maximum of 8 working hours from the time of notification to completion.