This policy document describes several security measures that we took in our software systems. These measures are not static. Implementing new security technology can lead to a better level of security. Therefore, security measures change sometimes. Nevertheless, certain vulnerabilities can be found in technologies, which makes some security mechanisms inadequate. Finally, Genkgo can decide to expand its services. An expansion of services may lead to an expansion of security measures as well.
The security measures as taken at this moment:
- Genkgo uses encryption for connections that are used to communicate personal data using HTTPS.
- For the administrative software, Genkgo uses security with user authentication. Authentication consists of username and password. There are several password requirements to make sure each password is strong.
- Genkgo enables administrators to secure certain parts of the administrative software to other administrators using a roles system.
- Genkgo enables administrators to secure certain parts of websites and apps using user authentication. This authentication also consists of username and password. There are several password requirements to make sure each password is strong.
- Genkgo enables administrators to secure files using user authentication.
- Genkgo ensures an adequate hash method when saving passwords.
- Genkgo takes measures to prevent code injection. This means in any case, but is not limited to SQL injection, XSS and object injection. Therefore, multiple layers or security are activated.
- Genkgo takes measures to protect its servers against hackers.
- Genkgo takes measures to protect users against hijacking user sessions.
- Genkgo takes measures to safeguard the authenticity of sent e-mail messages.
- Genkgo frequently updates the used software on its platform to the latest stable versions.
- A third party carries out security tests on the Genkgo software platform at least once a year. Genkgo ensures adequate follow-up if certain vulnerabilities are found during these tests.
- Genkgo ensures updating knowledge and skills of staff regarding software security.
- Genkgo saves data in data centers with an ISO 27001:2013 certificate. For this, Genkgo uses subcontractors.