This section describes YData’s security measures to provide a best-in-class experience for its customers, ensuring not only a good product and service but also risk management and compliance.

Hosting security

YData is not a cloud service provider, however, we use providers which are hosted on their data centers, such as Google, Microsoft and Amazon Web Services, when the setup is not made on the customer premises. They are leading cloud infrastructure providers with top-class safety standards. They are able to respond quickly to both operational and security, including well-defined change management policies and procedures to determine when and how change occurs.

Google is compliant with the following standards:

• CSA

• ISO 27018

• SOC 3

• ISO 27001

• SOC 1

• ISO 27017

• SOC 2

Amazon is compliant with the following standards:

• CSA

• ISO 27017

• SOC 2

• ISO 9001

• ISO 27018

• SOC 3

• ISO 27001

• SOC 1

Azure is compliant with the following standards:

• CSA

• ISO 27017

• ISO 22301

• SOC

• ISO 9001

• ISO 27018

• ISO 20000-1

• ISO 27001

• ISO 27701

• WCAG

Both physical access perimeters and entry points are strictly controlled by professional security personnel. Authorized personnel must pass a minimum of two-step verification to gain access to the authorized center floors.

Corporate security

YData has applied internal security policies that are in line with the industry's ISO 27001 and SOC 2. We are regularly training our employees in safety and privacy awareness, which protects technical and non-technical roles. Training materials are developed for individual roles so that employees can fulfill their responsibilities appropriately.

• Two-step verification for all services is enforced
• Encrypted hard drives of our devices is enforced
• Hard password requirements and rotation is enforced

Verification and Access Management

Users can log in via a secured Authentication provider, such as Security Assurance Markup Language, Microsoft Active Directory, Google Sign In or OpenID services.

All requests to any of YData’s APIs must be approved. Data writing requests require at least reporting access as well as an API key. Data reading requests require full user access as well as application keys. These keys act as carrier tokens to allow access to the YData service functionality. We also use Auth0 in user identification. Auth0 can never save a password because the password is encrypted when the user logs in, and compares with AuthO's encrypted password to see if they are using the correct password.

The user can change and save the password as they wish. The user can use all types of characters to strengthen his password.

Certificate Management & Communications