Trust and Security

At riskrate, trust is the foundation of our relationship with you. We are dedicated to protecting your data with the highest security standards, ensuring your financial information remains secure and private.

Security Practices

Data security is an essential part of riskrate’s software development. It includes external and internal protection of servers, ensuring data integrity within the service; hardware and software testing and monitoring; staff confidentiality obligations; user authentication; and the encryption of data both in transit and at rest.

Server data security

riskrate’s production environment operates on servers accessible only to authorized personnel. The production servers are maintained by Google Cloud, located in Hamina, Finland. The security of Google Cloud’s cloud services is audited and certified according to ISO 27001. Access rights to databases and information systems are controlled through company- and employee-specific permissions. Only software that has been tested and approved may be used for database operations, and third-party management tools are not permitted. Database interfaces from external networks are blocked.

Uninterrupted operation, safeguards, and control

All data is encrypted both in transit and at rest.
Special attention is given to uninterrupted service and fault tolerance. Daily backups are taken of all iskrate databases and files, and these backups are stored in a separate facility.

Testing and Monitoring

The functionality of the firewall and other technologies is tested regularly. Unauthorized attempts to access the network or its services are detected and actively responded to.

In addition to devices and systems, software log files and user-generated error events are continuously monitored and analyzed.

riskrate personnel actively gather information on risks targeting the information system from multiple sources. This helps riskrate anticipate potential issues and prevent them proactively.

Professional Competence and Confidentiality

Personnel involved in riskrate’s service production receive training appropriate for their tasks. All individuals who can handle any customer data are riskrate personnel and have signed a strict non-disclosure agreement.

User Authentication and Permissions

riskrate users are authenticated with personal usernames and passwords for each session. riskrate follows role-based access control and the principle of least privilege. Data transfer between riskrate servers and the user’s computer is encrypted using HTTPS technology.

When a contract ends, riskrate personnel or the customer deletes all general ledger data uploaded and processed under the user account from the riskrate interface, server, and database.

riskrate users may not share their usernames or passwords with others. riskrate will never ask users for passwords or other confidential information by email or any other method. Notifications about usage-related matters are communicated through administrators and news bulletins. The information security policy is reviewed at least once a year or when system updates occur.