Trust YakTrak to keep your data secure and meet your compliance requirements
Our security certifications
Delivering a safe and secure experience for our customers is of the utmost importance to us. YakTrak is ISO/IEC 27001:2022 accredited. ISO/IEC27001:2022 is the most robust international standard for information security. To achieve the certification, YakTrak is required to prove and maintain a continuous, structured commitment to handling sensitive business, employee and customer information. The relevant controls and standards of ISO 27001 are managed through an Internal Security Management System – ISMS.
Certificate of registration
YakTrak’s current accreditation body is BSI International. Securing this certification demonstrates YakTrak’s commitment to ensuring that customer data is protected by processes and policies which meet internationally recognised standards. Our current accreditation is valid until June 2027.
CyberGRX Security Profile
CyberGRX provides an independent third-party validated cyber risk assessment of YakTrak’s security posture. Using sophisticated data analytics, real-world attack scenarios, and real-time threat intelligence, CyberGRX provide a complete portfolio analysis of our ecosystem. YakTrak consistently demonstrate well above industry best practice for ISMS maturity. On request, YakTrak can provide clients access to our CyberGRX profile.
APRA CPS 234
CPS 234 is a set of cybersecurity regulations outlined by the Australian Prudential Regulation Authority (APRA), aimed at improving the security of information held by Australian financial institutions. Under this regulation, regulated entities must implement appropriate and effective measures to protect their data, systems, and networks against cyber threats. The regulation establishes a framework for risk management, incident reporting, and continuous monitoring of cybersecurity practices to ensure resilience against evolving threats.
By aligning with CPS 234, we demonstrate our commitment to the highest standards of cybersecurity, protecting our clients’ data and maintaining trust in our services.
Frequently Asked Questions
Where is YakTrak hosted?
YakTrak is hosted on Amazon Web Services (AWS). All hosting and data centres are located in Australia.
Does YakTrak have a security accreditation?
YakTrak is ISO27001: 2022 accredited and is audited six monthly to ensure compliance.
What is YakTrak's uptime commitment?
YakTrak is committed to ensuring the availability of our services by using commercially reasonable efforts to meet a service uptime of 99.5% for our SaaS Service in a given calendar month.
How does YakTrak encrypt data?
All sensitive interactions with YakTrak are encrypted in-transit with TLS 1.3 and 2,048 bit keys or better. YakTrak leverages several technologies to ensure stored data is encrypted at rest. The physical and virtualised storage used by YakTrak server instances as well as long-term storage solutions like AWS S3 use AES-256 encryption. User passwords are hashed and are encrypted at rest.
Does Yaktrak offer Single Sign On (SSO) and two factor authentication?
YakTrak uses SAML2 for SSO (the industry standard). We also offer two factor authentication for all or some user profiles if required.
Does YakTrak offer Data Loss Prevention (DLP)?
Yes YakTrak have a feature called YakSafe which prevents any PII information from being added into YakTrak free text fields or attachments. Information is scanned in real time and is configurable to each clients PII and DLP policies.