Security

To protect the reliability, availability and integrity of the data of our customers and ourselves, we have an information security policy at iWink. Every new employee has to get familiar with our policy upon entering employment. Every year, our system administrators and technical director test whether the information security policy still fits in with new developments and is properly implemented. 

In addition to alerting new employees to our information security policy, they must also provide a Certificate of Good Conduct (VOG) before joining us. This way we can be sure that our employees have never been convicted of, for example, fraud cases. 

Since May 22, 2019 iWink and our CMS are ISO 27001 certified.

All iWink employees also use two-step authentication when logging into the systems. Two-step authentication is much more secure than logging in with, for example, just a password. In addition to the password, the user's smartphone is also required to log in. This makes it much more difficult for malicious parties to log in.

Not only our employees are important to ensure the security of your data. The location of the servers is also very important. The physical location of the server says a lot about who has (physical and digital) access to the server. That is why our servers are only located in data centers with an ISO 27001 certification. These data centers are much more secure than, for example, an office building. Physical access to the servers is not possible without an appointment and identity verification at the data center. Only our hosting employees have access to our servers. The data centers are also located in the Netherlands and fall under Dutch jurisdiction, so that foreign services have no access to the data.

In our weekly maintenance window (outside office hours) all servers are updated with the latest software updates. If necessary, for example for security issues, the update will take place earlier. We also have a continuously running surveillance system that checks all web servers for imminent disruptions, acute disruptions and DDoS (Distributed Denial of Service) attacks.

Better safe than sorry. That is why we actively search for vulnerabilities on our installations so we can fix them before they can be exploited. For example, automated safety tests are continuously performed on our installations. An external agency performs the tests based on the vulnerability database of Tenable Network Security. This vulnerability database is used by more than 75,000 organisations worldwide. In addition, a penetration test is carried out several times a year by a specialised company, a so-called 'white hat hacker', to test the safety of our CMS. Some of our customers also conduct such tests (with or without our knowledge).

As a supplier, we take the security of your website very seriously. You can also take extra measures to protect your website even better.

Do you use web forms? This means that a lot of personal data is collected and stored. Fortunately, you can easily set the retention period in iWink CMS. After that period, the entered data will be automatically deleted. That saves you a lot of hassle and helps you comply with the GDPR.