Yellowfin maintains an up-to-date company WISP (which defines the company's secure operating procedures) and other SOP documents for staff to follow.
Yellowfin has the following
Company security is the responsibility of the office of the COO. The operations team manages all organizational security concerns.
The Yellowfin WISP and other internal documents define the approaches used to harden the ecosystem against external influence or unauthorized access. Yellowfin has an ISO officer whose role is to regularly test external boundaries and perform vulnerability tests on network components and all endpoints. The ISO officer uses industry-standard scanning tools to discover issues and triage them for resolution or mitigation.
Yellowfin protects all its company boundaries with Cisco 5515-X or 5545-X firewalls; Yellowfin also uses internal Cisco 5515-X firewalls on internal boundaries to protect company secrets and IP.
Yellowfin protects all endpoints and service platforms with Bitdefender Cloud protection. This technology is installed as a client on Windows, Linux and Apple systems; it is controlled and monitored from the cloud portal. Bitdefender Cloud provides each client with a local firewall, antivirus, antimalware, anti-crypto, web/email protection and file protection.
Yellowfin uses high-entropy passwords on all servers and external service platforms. High entropy means 20 characters or longer; our standard is 32 characters.
The internal staff SOP defines the password policy and recycling frequency for staff to follow.
Yellowfin uses Okta SSO technology to provide a single point of access for all company applications. Staff have a single login, and all web-accessible applications allocated to them are available through the Okta portal. When staff onboard, their access platforms are assigned; when staff offboard, their platforms are revoked.
For GUI applications and equipment that require their own credentials, those credentials are issued and revoked by the Operations team.
The Operations team, working under the office of the COO, is responsible for IT system access.
Yellowfin only stores customer and lead information provided to Yellowfin by those stakeholders. Yellowfin does not store sensitive PII such as DOB. All GDPR-eligible information is provided by the lead contacts or the account contacts and is public-level information. Yellowfin will remove a person's held information from all active systems on request, in compliance with GDPR rules, and will keep only the minimum information needed to maintain the integrity of our accounting and billing systems.
Yellowfin is also a registered member of US Privacy Shield.
Yellowfin has a documented DRR, pandemic and continuity plan. The documents are written to be flexible enough to cover any scenario that impacts normal business operations.
The latest test of the plan was the COVID-19 crisis, which required citizens to shelter in place or at home. Yellowfin executed the plan and established WFH practices, allowing a transparent move from WIO to WFH with no loss in productivity. Yellowfin's established infrastructure and security allowed for this seamless transfer.
We do not allow third parties to access production systems; internal staff manage all production and development concerns.
All staff, on starting employment, are required to sign an unlimited NDA together with intellectual property protections. This protects Yellowfin and its customers; with respect to customers, it prevents the staff member from disclosing any confidential information they may obtain in the course of their duties as a representative of Yellowfin working with customers.
Yellowfin does not perform criminal checks on employees, and Yellowfin does not perform security vetting on employees. Employees are subject to reference checks when assessed for employment, and they sign an NDA and other company agreements for the protection of company secrets, IP and customer information.
Yellowfin does have a company-wide code of ethics policy available to all staff. This covers all standards of honesty and fair play in working with customers.
The document can be provided for review on signing an NDA.
The Yellowfin application has robust security controls and a granular permission scheme to fit any requirements or regulations. As a business, we comply with all relevant regulations.
Yellowfin practices 3-2-1 backups of core systems, data and information. Yellowfin offsites backups to Azure and AWS cloud daily, reducing PIT losses.
Backups are encrypted for safety in transit over public networks.
Yellowfin has a diversified set of IT capabilities across AWS, Involta DC, HQ and regional offices. This provides a high level of flexibility and built-in redundancy. Yellowfin protects all endpoints with Bitdefender Cloud endpoint protection. Yellowfin protects all outside boundaries with Cisco 55X5-X firewalls and protects inside IP assets with Cisco 55X5-X firewalls. Yellowfin practices 3-2-1 backup of core assets. Yellowfin employs a dedicated security officer to regularly scan internal and external interfaces for vulnerabilities and manage their resolution.
Yellowfin does use some open-source libraries inside the Yellowfin code base. Yellowfin only uses open-source libraries that are free of copyleft or proprietary licenses. Yellowfin uses industry tools such as SonarQube and Sonatype to scan the Yellowfin code base for security vulnerabilities, bugs and issues, including open-source vulnerabilities and open-source bugs. Yellowfin employs a dedicated IS consultant who works full time on the detection and correction of security issues in the Yellowfin code. This also includes managing open-source licensing to ensure compliance.
Yellowfin will choose an available algorithm depending on what the JVM supports. It will try these in order: AES, 3DES, Blowfish, DES. Yellowfin will use the default key size for the algorithm chosen.
Yellowfin uses the bcrypt algorithm to hash the plaintext password and stores the hash in the control database; Yellowfin also uses CRC and other anti-tamper mechanisms to ensure the hashed password cannot be altered or replaced.
Yes. Yellowfin's internal Tomcat instance supports TLS 1.2.
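The fallback order described above can be probed directly against the JVM's crypto providers. The following is an added example, not Yellowfin's code, showing how such a selection works through the standard JCA API: it tries each algorithm in the stated order (3DES is registered under the JCA name "DESede"), generates a key with the provider's default size, and flags the case where the JVM could only satisfy one of the legacy 64-bit-block ciphers, which is the check a reviewer would want in a deployment log. The class and method names are assumptions for the example.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import java.security.NoSuchAlgorithmException;

public class CipherSelector {
    // Preference order as stated on the page: AES, 3DES (JCA name "DESede"), Blowfish, DES.
    static final String[] PREFERENCE = {"AES", "DESede", "Blowfish", "DES"};

    /** Returns the first algorithm in PREFERENCE that a provider in this JVM can instantiate. */
    static String firstSupported() {
        for (String alg : PREFERENCE) {
            try {
                Cipher.getInstance(alg);   // throws if no installed provider offers it
                return alg;
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                // not available in this JVM; fall through to the next candidate
            }
        }
        throw new IllegalStateException("no supported cipher among " + String.join(",", PREFERENCE));
    }

    /** Generates a key at the provider's default size: no init() call, so the default applies. */
    static SecretKey defaultKey(String alg) throws NoSuchAlgorithmException {
        KeyGenerator kg = KeyGenerator.getInstance(alg);
        return kg.generateKey();
    }

    public static void main(String[] args) throws Exception {
        String alg = firstSupported();
        SecretKey key = defaultKey(alg);
        System.out.printf("selected %s, default key size %d bits, max allowed %d bits%n",
                alg, key.getEncoded().length * 8, Cipher.getMaxAllowedKeyLength(alg));
        // Defensive check: DES, 3DES and Blowfish all have a 64-bit block, so any fallback
        // past AES is worth surfacing at startup rather than discovering it later in an audit.
        if (!"AES".equals(alg)) {
            System.err.println("WARNING: AES unavailable, fell back to legacy cipher " + alg);
        }
    }
}
```

Running this on a stock JDK selects AES, since every current JDK ships it in the SunJCE provider; the fallback branches only matter on a restricted or third-party provider configuration.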
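The bcrypt-plus-integrity-tag design above is illustrated by the following added example; it is not Yellowfin's code and assumes the jBCrypt library (org.mindrot.jbcrypt) and Java 17 or later for HexFormat. It stores a bcrypt hash (salt and cost factor are embedded in the hash string), verifies a login against it, and then computes two anti-tamper tags over the stored hash: the CRC32 the page mentions, and an HMAC-SHA256 tag under a key held outside the database (a swapped-in stronger mechanism, not something the page states Yellowfin uses). The contrast shows the caveat a practitioner would raise: an unkeyed CRC detects accidental corruption, but anyone who can rewrite the hash column can rewrite the CRC column too, whereas a keyed tag cannot be recomputed without the key. The key material and user id are constructed sample values.

```java
import org.mindrot.jbcrypt.BCrypt;   // assumed dependency: org.mindrot:jbcrypt
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;          // Java 17+
import java.util.zip.CRC32;

public class PasswordRecord {
    // Constructed sample key; a real deployment loads this from a secret store, never from source.
    static final byte[] INTEGRITY_KEY =
            "example-integrity-key-not-for-production".getBytes(StandardCharsets.UTF_8);
    static final int BCRYPT_COST = 12;   // work factor; raise as hardware gets faster

    /** Stored form of a password: a bcrypt hash string carrying its own salt and cost. */
    static String hashPassword(String plaintext) {
        return BCrypt.hashpw(plaintext, BCrypt.gensalt(BCRYPT_COST));
    }

    static boolean verifyPassword(String plaintext, String storedHash) {
        return BCrypt.checkpw(plaintext, storedHash);
    }

    /** Unkeyed CRC32 over the stored hash: detects accidental corruption only. */
    static long crcTag(String storedHash) {
        CRC32 crc = new CRC32();
        crc.update(storedHash.getBytes(StandardCharsets.UTF_8));
        return crc.getValue();
    }

    /** Keyed tag (HMAC-SHA256) bound to the user id so a hash cannot be moved between rows. */
    static String hmacTag(String userId, String storedHash) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(INTEGRITY_KEY, "HmacSHA256"));
        mac.update(userId.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0);   // delimiter so "ab"+"c" and "a"+"bc" produce different tags
        mac.update(storedHash.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(mac.doFinal());
    }

    /** Constant-time comparison of two hex tags, as a tag check should be done. */
    static boolean tagsMatch(String expected, String actual) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     actual.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String userId = "alice";   // constructed sample user
        String hash = hashPassword("correct horse battery staple");
        System.out.println("verify correct password: " + verifyPassword("correct horse battery staple", hash));
        System.out.println("verify wrong password:   " + verifyPassword("wrong", hash));

        // Tags as they would be written to the control database alongside the hash.
        long storedCrc = crcTag(hash);
        String storedMac = hmacTag(userId, hash);
        System.out.println("crc ok on original:  " + (storedCrc == crcTag(hash)));
        System.out.println("hmac ok on original: " + tagsMatch(storedMac, hmacTag(userId, hash)));

        // Simulate the row being overwritten with a different hash by someone with write access
        // to the table. Whoever can write the hash column can also write a fresh CRC for it.
        String replacedHash = hashPassword("some other password");
        long rewrittenCrc = crcTag(replacedHash);
        System.out.println("crc check passes on rewritten row:  " + (rewrittenCrc == crcTag(replacedHash)));
        // The keyed tag stored for this row no longer matches, because the replacement could not be
        // signed without INTEGRITY_KEY, which lives outside the database.
        System.out.println("hmac check passes on rewritten row: " + tagsMatch(storedMac, hmacTag(userId, replacedHash)));
    }
}
```

The expected output is true, false, true, true, true, false: bcrypt verification behaves as expected, both tags validate the original row, and only the keyed tag fails on the rewritten row. The hex HMAC is stored next to the hash in the same way the CRC would be; the difference is entirely in where the secret needed to produce it is kept.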
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The reports cover IT General controls and controls around availability, confidentiality and security of customer data.
Yellowfin has completed a successful SOC 2 Type 2 assessment. The report is available on request from the Yellowfin Sales team on provision of a signed NDA.