ISO/IEC 27001:2013 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes.
Yeeflow is certified by Microsoft as an online application that meets the security and compliance requirements of Microsoft Cloud App Security. This security, data handling, and compliance information is intended to help organizations assess and manage risk in using Yeeflow.
We take our privacy obligations — and the protection of your information — seriously, and we comply with all applicable privacy laws and regulations.
When you visit the Yeeflow website or use one of the Yeeflow apps, the transmission of information between your device and our servers is protected using 256-bit TLS encryption. At rest, Yeeflow encrypts data using AES-256.
We regularly install security updates and patches to keep servers up to date. Servers are segmented based on role and protected using restrictive firewalls.
Yeeflow utilizes industry-leading Microsoft Azure hosting infrastructure. Backups are geo-redundantly replicated across multiple availability zones for data durability. Yeeflow maintains business continuity and disaster recovery plans. Components of the disaster recovery plan include multiple site operations playbooks, which are regularly reviewed and rehearsed. Yeeflow implements extensive service monitoring, and our operations team is on call 24x7x365.
Within the Yeeflow product, collaborator permissions can be managed at the workspace level or the application level. These permissions allow you to control who you share a workspace or application with and whether they can modify the workspaces or applications that you’ve shared with them. Yeeflow also enables you to restrict access to specific data and records with the global system administrator permission.
Yeeflow supports OAuth 2.0 and SAML-based Single Sign On (SSO) and additional administration features for teams on the Enterprise Plan.
Yeeflow vets employees and performs background checks in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security.
Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking. Employees are prohibited from installing unauthorized software or using portable media.
Yeeflow runs automated application-level security scans on a daily basis, package dependency security advisory scans on a weekly basis, and endpoint scans on a monthly basis. In addition to internal scans, Yeeflow commissions external penetration tests on a regular basis.
As part of the software development process, code and configuration changes are thoroughly reviewed. Before being deployed, these changes are tested during the quality assurance process to help ensure a consistent experience across all devices, platforms, and browsers that are supported by Yeeflow.