ISO/IEC 27001:2013 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes.
Yeeflow is certified by Microsoft as the online application which meet the required Security and Compliance from the Microsoft Cloud App Security. This security, data handling, and compliance information is intended to help organizations assess and manage risk in using Yeeflow.
We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations.
You can learn more about Yeeflow’s privacy practices in our Privacy Policy.
When you visit the Yeeflow website or use one of the Yeeflow apps, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. At rest, Yeeflow encrypts data using AES-256.
We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.
Yeeflow utilizes industry-leading Microsoft Azure hosting infrastructure. Backups are geo-redundantly replicated across multiple availability zones for data durability. Yeeflow maintains business continuity and disaster recovery plans. Components of the disaster recovery plan include multiple site operations playbooks, which are regularly reviewed and rehearsed. Yeeflow implements extensive service monitoring, and our operations team is on call 24x7x365.
Within the Yeeflow product, collaborator permissions can be managed at the workspace level or the application level. These permissions allow you to control who you share a workspace or application with and whether they can modify the workspaces or applications that you’ve shared with them. Yeeflow also enables you to restrict access to the specific data and records from with the global system administrator permission.
Yeeflow supports OAuth 2.0 and SAML-based Single Sign On (SSO) and additional administration features for teams on the Enterprise Plan.
Yeeflow vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.
Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.
Yeeflow runs automated application-level security scans on a daily basis, package dependency security advisory scans on a weekly basis, and endpoint scans on a monthly basis. In addition to internal scans, Yeeflow commissions external penetration tests on a regular basis.
As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by Yeeflow.
Yeeflow is dedicated to meeting global data privacy regulations, including the General Data Protection Regulation (GDPR) and other relevant frameworks. Our compliance strategy includes the following:
Data Subject Rights: Yeeflow empowers customers to manage data subject rights in compliance with GDPR and similar privacy regulations:
Cross-Border Data Transfers: Yeeflow is hosted on the Microsoft Azure Singapore data center, which is located outside of the EU:
Data Processing and Protection: Our platform is designed with robust data protection measures to ensure compliance with global privacy regulations:
Data Breach Response: Yeeflow has a comprehensive protocol to address potential data breaches:
Yeeflow is designed with a comprehensive business continuity strategy to ensure platform availability and data integrity, even in the face of potential disruptions. Our business continuity measures include:
High Availability: Yeeflow’s architecture employs redundancy, load balancing, and a Service-Oriented Architecture (SOA) structure to maintain high availability:
Data Backup and Recovery: Protecting your data is a top priority, and we have implemented a multi-tier backup strategy:
Disaster Recovery Plan (DRP): Yeeflow has a robust Disaster Recovery Plan in place to address potential system disruptions:
DevOps and Continuous Updates: Yeeflow adopts DevOps practices to facilitate continuous updates and system deployment: