Our commitment to cyber security

Learn how Roseman Labs assesses and validates the security of our platform.

Assessing security

Because we offer a service specialized in processing sensitive data, our customers want to thoroughly evaluate our platform's security.

To this end, we have asked several specialized organizations to validate the security of our product. Here we provide more background on these assessments and their applicability to the way Roseman Labs handles commercially sensitive and privacy-sensitive information.

 

DigiTrust - ISO 27001 & NEN 7510 

The ISO 27001 is the world's best-known standard for information security management systems (ISMS) and the NEN 7510 is the corresponding Dutch standard that relates to information security in healthcare. The NEN 7510 is based on the international ISO 27001 norm, and includes additional, specific controls for healthcare (service) providers. DigiTrust performs certification against the ISO 27001 and NEN 7510 norms on an annual basis. 

 

Baseline Product Security Assessment (BSPA) 

An evaluation lab supervised by the Dutch General Intelligence and Security Service (AIVD) performed the Baseline Product Security Assessment (BSPA) of our platform with positive results. The BSPA is a certification scheme developed and maintained by the AIVD, aimed at the security needs of the Dutch government and, in exceptional cases, private sector organizations.

Our product has successfully passed this certification. For more information about the security level and the scope of the BSPA evaluation, please refer to the BSPA deployment advisory and the list of evaluated products on the AIVD website. 

 

Software Improvement Group (SIG) 

The highly specialized Software Improvement Group (SIG) performed a comprehensive source code assessment of the maintainability, security and cryptography of our product. Two of the SIG consultants are experts in validation of cryptographic products and state-level cryptography. The assessment was performed against the ISO 25010 standard and SIG's Cryptographic trustworthiness model.

We are proud to highlight that the SIG assessment method leaned heavily on manual code review, involving comparing our code to relevant scientific publications and including extensive technical sessions with our team for interview, validation and discussion. In addition, the consultants utilized leading static analysis tools to support the code review, find security weaknesses and measure maintainability.

To quote Rob van der Veer, SIG’s senior principal expert in AI, security and privacy:

“Our assessment concluded that Roseman Labs’ product offers sound confidentiality and integrity. It is fit for purpose when it comes to maintainability, security and cryptographic trustworthiness.”

 

Penetration Tests

In addition to the above, we apply standard penetration tests, conducted by external parties, to test the information security of our product. This is done at least on an annual basis.

 

Why security is as important to us as it is to our customers

Auditability, and the ability for customers to assess the robustness of our product, ensures that systems are secure not only by design, but also by implementation, through thorough evaluations and assessments.  

When building a product based on novel cryptographic building blocks, auditability is particularly important because the technology involves complex and subtle cryptographic techniques that can increase the potential risk of errors in implementations. It is essential that code is periodically reviewed by cryptographic experts to ensure that the implementation functions according to specs. 

Roseman Labs takes the responsibility of protecting customer data seriously. A robust information security management system, periodic penetration tests and evaluation of well-specified cryptographic protocols provide a foundation of trust. Detailed review and ongoing audits by independent specialists ensure that potential vulnerabilities are identified and addressed before they can pose a security risk. 

"Security is our top priority. We protect your data and our systems across the board."

- Hugo Ideler, Roseman Labs CISO and Head of Engineering

We invite security researchers to review our Responsible Disclosure Policy and the broader community to reach out to us directly, or join the Collaborative Computing Slack channel to be part of the conversation.

 
