Rizikon has been engineered with high security as an over-riding priority.  

All data held in Rizikon is encrypted using AES-256.  All traffic between your browser and the Rizikon servers is encrypted using HTTPS, which provides bidirectional encryption.  This means that your information is securely encrypted and cannot be accessed in transit or at rest without the proper security credentials. These measures are in line with current UK government cyber security recommendations [1] [2].

Rizikon is hosted on secure servers and is regularly penetration tested by an independent organisation of ethical hackers.  The most recent tests were done in March 2017 and no major or critical issues were reported.

The Administration functions of Rizikon are restricted to a very small number of senior employees and all access is logged.  Admin access is also further restricted using other best practise security methods.


Data stored in Rizikon accounts, or profiles, is only accessible via that account - unless the profile is shared with another user.  Password resets are not automated, restricting fraud attempts.  Multiple factors are required for any manual password resets via the Administrators.

Anonymity & Obfuscation

If you are still concerned about data privacy & security, we advise that you use a psuedonym for the Profile name and the Organisation name question in section 1.  For example "Profile ABC" and "Organisation Alpha".

This way, should anyone access the report or profile, it would be impossible to know which organisation was under assessment or if it was a real or "what-if" set of answers.

Encrypted Rizikon data is archived to a separate secure location every 24 hours.

Users can backup and independently secure copies of their Rizikon profiles, should they wish to. 

Crossword have procedures for restoring Rizikon profiles from both archives and client's own backup files.  These procedures take a maximum of 8 working hours from the time of notification to completion.

data backup & restoration