Security

Trust YakTrak to keep your data secure and meet your compliance requirements

Our security certifications

Delivering a safe and secure experience for our customers is of the utmost importance to us. YakTrak is ISO/IEC 27001:2022 accredited. ISO/IEC27001:2022 is the most robust international standard for information security. To achieve the certification, YakTrak is required to prove and maintain a continuous, structured commitment to handling sensitive business, employee and customer information. The relevant controls and standards of ISO 27001 are managed through an Internal Security Management System – ISMS.

 

Certificate of registration

YakTrak’s current accreditation body is BSI International. Securing this certification demonstrates YakTrak’s commitment to ensuring that customer data is protected by processes and policies which meet internationally recognised standards. Our current accreditation is valid until June 2027.

CyberGRX Security Profile

CyberGRX provides an independent third-party validated cyber risk assessment of YakTrak’s security posture. Using sophisticated data analytics, real-world attack scenarios, and real-time threat intelligence, CyberGRX provide a complete portfolio analysis of our ecosystem. YakTrak consistently demonstrate well above industry best practice for ISMS maturity. On request, YakTrak can provide clients access to our CyberGRX profile.

Frequently Asked Questions

Where is YakTrak's product infrastructure hosted?

YakTrak’s product infrastructure is hosted on Amazon Web Services (AWS). All hosting and data centres are located in Australia.

Does YakTrak have a security accreditation?

YakTrak is ISO27001: 2022 accredited and is audited six monthly to ensure compliance.

What is YakTrak's uptime commitment?

YakTrak is committed to ensuring the availability of our services by using commercially reasonable efforts to meet a service uptime of 99.5% for our SaaS Service in a given calendar month.

How does YakTrak encrypt data?

All sensitive interactions with YakTrak are encrypted in-transit with TLS 1.3 and 2,048 bit keys or better. YakTrak leverages several technologies to ensure stored data is encrypted at rest. The physical and virtualised storage used by YakTrak server instances as well as long-term storage solutions like AWS S3 use AES-256 encryption. User passwords are hashed and are encrypted at rest.

Does Yaktrak offer Single Sign On (SSO) and two factor authentication?

YakTrak uses SAML2 for SSO (the industry standard). We also offer two factor authentication for all or some user profiles if required.

Deos YakTrak offer Data Loss Prevention (DLP)?

Yes YakTrak have a feature called YakSafe which prevents any PII information from being added into YakTrak free text fields or attachments. Information is scanned in real time and is configurable to each clients PII and DLP policies.

Need to know more?

If you would like more information on our security posture, drop us a line.