Security

“ICRA Systems is Secure and Safety is Continuously Ensured by Certified Parties.”

The security of your information is our top priority. Our hosting partner is DNV-GL ISO 27001 certified. The application uses Azure PaaS services consisting of an Azure Subscription containing:

  • SQL Database for permanent storage of user data.
  • App Service for hosting application logic.
  • Key Vault for secure storage of confidential information.
  • Application Insights for collecting application logic events.
  • Monitor for full-stack monitoring.
  • Backup for backing up user data.

All services are located in the West Europe (Amsterdam) region. Additionally, significant attention is given to updates. All services used are platform as a service (PaaS), which means that the operating system and application stack are managed by Microsoft Azure. Azure manages patching of the operating system at two levels: the physical servers and the virtual guest machines (VMs) that run the service resources. Both are updated monthly.

Separation of duties

  • The Azure Subscription has 2 owners.
  • Azure DevOps service principal only has rights to create infrastructure.
  • RBAC on permissions in Azure DevOps pipeline.

Management of privileged access rights

  • Access rights are monitored via Azure Policy.
  • MFA is enabled for accounts with owner permissions for the subscription.
  • An Azure Active Directory administrator is provisioned for SQL servers.

Cryptography policy

  • Azure App Service is only accessible via HTTPS.
  • TLS 1.2 encryption is applied to all connections.

Event logging

  • All event logging is centrally stored in Azure Monitor.
