Rizikon has been engineered with security as an over-riding priority.
All data held in Rizikon is encrypted using AES-256. All traffic between your browser and the Rizikon servers is encrypted using HTTPS, which provides bidirectional encryption. This means that your information is securely encrypted and cannot be accessed in transit or at rest without the proper security credentials. These measures are in line with current UK government cyber security recommendations  .
Rizikon is hosted on secure servers and is regularly penetration tested by an independent organisation of ethical hackers. The most recent tests were done in March 2017 and no major or critical issues were reported.
The Administration functions of Rizikon are restricted to a very small number of senior employees and all access is logged. Admin access is also further restricted using other best practise security methods.
Data stored in Rizikon accounts, or profiles, is only accessible via that account - unless the profile is shared with another user. Password resets are not automated, restricting fraud attempts. Multiple factors are required for any manual password resets via the Administrators.
Anonymity & Obfuscation
If you are concerned about data privacy in Rizikon Standard, we advise that where possible, you use a pseudonym for your organisation's name for example "Profile ABC" and for other questions involving PII. Rizikon Standard can generate cyber risk reports using anonymised data without affecting the report scoring mechanism.
For Rizikon Assurance users, we advise that you contact firstname.lastname@example.org, to determine the solution that is most appropriate for the assessment you are undertaking.
Encrypted Rizikon data is archived to a separate secure location every 24 hours.
Rizikon Standard users can backup and independently secure copies of their Rizikon profiles, should they wish to.
Crossword have procedures for restoring Rizikon profiles from both archives and client's own backup files. These procedures take a maximum of 8 working hours from the time of notification to completion.
data backup & restoration