Our security measures include:
Vulnerability Management
Skriba conducts annual penetration tests and regular security scans. In addition, we continually scan our code repositories for known security vulnerabilities.
Internal Security
Our internal systems are secured using proven methods and are constantly monitored for vulnerabilities and unusual activities.
Every user operation is recorded in an audit log. We keep these audit logs for ten years to ensure evidence integrity.
Our customers have full control over authentication for their access, enabled by Single Sign-On (SSO) via Microsoft Entra ID or Google Cloud Identity.
High availability
Our system infrastructure is distributed across two data centers in Switzerland and is continuously mirrored. We continuously monitor our services for operability and promptly resolve any disruptions.
Swiss hosting
We host our platform and all associated data in Switzerland in two geo-redundant Microsoft Azure data centers, which are certified according to ISO 27001.
nDSG and GDPR-compliant support
We are currently in the process of obtaining ISO 27001 certification. All data is processed in accordance with the EU General Data Protection Regulation (GDPR) and the new Swiss Federal Data Protection Act (nDPA) and is secured at the highest security level in Switzerland.
Security training
Regular mandatory security and compliance training is conducted for all our employees. In addition, we organize best-practice training for our developers.
Access management
Access to systems and data at Skriba is granted strictly according to the need-to-know principle. We conduct regular access rights reviews to ensure security.