Information security
We ensure confidentiality, availability, and integrity.
Security is the standard
At Toolsfactory, information security is central to everything we do. As developers of software for strategic planning and management, we understand the value of our customers’ data and take extensive measures to ensure its availability, integrity, and confidentiality.
Our information security policy is established in line with the ISO/IEC 27001:2022 standard. In spring 2025, we will complete the full ISO 27001 certification process, after which annual internal and external audits will take place.
Our approach
Risk management and continuous improvement
We employ a structured approach to identifying, assessing, and managing information security risks.
Our ‘Do, Learn and Adjust’ methodology ensures ongoing monitoring and improvement of our security level, with monthly ‘action sessions’ and quarterly ‘adjustment sessions’ where we evaluate progress and recalibrate priorities.
People: From weakest to strongest link
We recognize that technical measures are necessary and helpful in protecting confidential information. We use multi-factor authentication (logging in with an additional code) where possible, and everyone has a good password manager with automatically generated unique passwords.
However, humans are often the weakest link, for example by clicking on the wrong link or accidentally sharing their screen. We therefore invest heavily in raising awareness among employees, partners, and users. This keeps us alert to risks and opportunities to improve information security. Together, we keep our tools and processes secure and transform people from the weakest link into a strong one.
Secure software development
Information security plays a major role in our development process. We develop using the OWASP Top 10 as a guideline and have both automatic and manual testing procedures. The OWASP Top 10 is a list of the ten most critical security risks for web applications, compiled by security experts, to help developers identify and mitigate common vulnerabilities.
We implement updates to systems and modules we use as quickly as possible. This ensures that the software remains secure when we put it live.
We regularly have external experts check our security through penetration testing.
Secure usage
Naturally, our tools are well-protected with unique usernames and passwords. We encourage customers to use multi-factor authentication or to connect their environment to Microsoft Entra ID (formerly Azure AD).
Clear roles are defined within the tools, allowing you to determine who can view and edit what information.
The connection to our tools is always encrypted.
Secure hosting
We host our tools on servers in the Netherlands with our supplier Tilaa B.V. They are ISO/IEC 27001:2022, ISO 9001:2015, PCI-DSS 3.2, NEN 7510:2017, and ISAE 3402 Type I certified. The data on these servers is encrypted.
We continuously monitor the availability and performance of the servers and receive automatic notifications if something goes wrong.
The availability of our servers can be viewed via status.toolsfactory.nl.
Backup
Despite all measures, something can go wrong. That’s why we make daily backups. These backups are stored on a different server (but still within the EU). We keep backups for 30 days and regularly check the backup procedure.
Privacy and GDPR
We take the protection of personal data extremely seriously. We collect as little data as possible. Take this website, for example: did you know we don’t place any cookies?
Of course, we comply with the General Data Protection Regulation (GDPR). We have processor agreements with suppliers who process personal data. And we ensure that data is removed from our systems in a timely manner.
Also read our privacy statement.
Contact
For questions about our information security policy, please contact us.