SECURITY WHITEPAPER
SECURITY WHITEPAPER
• Identifying and fixing security vulnerabilities of the Application or the Cloud service in a timely manner without affecting partners / customers ' service availability ;
• Cooperating with independent third-party security regulation to evaluate security and compliance of Y Soft cloud service security
In Y Soft-hosted solutions , data is hosted by major third parties , who have a contractual obligation with us , ensuring they handle data according to GDPR-requirements .
SECURITY RESPONSIBILITY FOR PARTNERS / CUSTOMERS
Y Soft Partners / Customers ( Data Controller ) are required to meet strict safety and security demands , and these requirements naturally involve handling documents through YSoft SAFEQ Cloud . We see this as an opportunity and take on a proactive approach to fulfilling our duties , thereby helping you fulfil yours . This section describes individual actions that foster data security during the YSoft SAFEQ Cloud lifecycle :
• Y Soft will never use personal data for any other purposes than delivering the YSoft SAFEQ Cloud service . Further , it is ensured that any present and future sub-suppliers uphold local or regional data protection laws . For example , this means all data is stored on servers within one region , unless otherwise explicitly agreed upon .
• The customer / Partner-appointed administrator may however choose to retain the document in Ysoft SAFEQ Cloud for a predefined number of minutes / hours hereafter – for example to enable re-print . This will not impose a major security risk as such , but will mean that the data will be hosted and retained in the cloud for a longer period of time , in case of a Pure Cloud environment ( data not retained by local gateways ).
OUR SECURITY AND RISK MANAGEMENT OBJECTIVES
• We have developed our security framework using best practices in the SaaS industry . Our key objectives include Customer Trust and Protection – consistently deliver superior product and service to our customers while protecting the privacy and confidentiality of their information .
• Availability and Continuity of Service – ensure ongoing availability of the service and data to all authorized individuals and proactively minimize the security risks threatening service continuity .
• Information and Service Integrity – ensure that customer information is never corrupted or altered inappropriately .
• Compliance with Standards – we design our corporate security program around the industry cybersecurity best practice guidelines including the Center for Internet Security ( CIS ) Critical Security Controls . Our controls governing the availability , confidentiality , and security of customer data are also designed to be SOC 2 compliant .
Y SOFT SECURITY CONTROLS
To protect the data that is entrusted to us , Y Soft utilizes a defense-in-depth approach to implement layers of security controls throughout our organization . The following sections describe a subset of our most frequently asked about controls .
YSoft SAFEQ Cloud - 11 - YSOFT . COM