Information Security

Information security at the national government

FireServiceRota is part of various safety-critical processes: we inform you about understaffing, alert you via pager and smartphone and process your privacy-sensitive information. For these reasons, information security is one of our main focus points. National governments are also placing increasing emphasis on this, for example in the Municipal Purchasing Conditions for IT in The Netherlands, and the NCSC Cyber Assessment Framework guidance in the United Kingdom.

In this section we give you a brief overview of the measures we take to protect the security of your data.

C.I.A

Fittingly, information security focuses on protecting the CIA's systems: Confidentiality, Integrity, and Availability.

Confidentiality

Confidentiality means that your data is not accessible to unauthorized users. We protect the confidentiality of your data through an extensive authorization model for access control, especially for users with access to sensitive data and systems. Every time we install an update, this authorization model is first extensively and automatically tested. In addition, we have an annual penetration test performed by a specialized external party. They test our systems for vulnerabilities and make recommendations on how to avoid them.

Integrity

Integrity means that your data cannot be manipulated or deleted. Continuous backups are the most important measure to ensure integrity. These enable us to restore (a part of) the database to an arbitrary moment in time, for example before data was modified, deleted or damaged.

Availability

Availability focuses on ensuring that alerting, scheduling and other functions are always accessible to you. Also in the event of a failure of our primary data center, a DDoS or ransomware attack. To ensure this, we have redundant servers in a data center at a different location in Europe. These servers can take over the function of our primary servers within 10 minutes. This process is regularly practiced by our team.

ISO 27001:2022

In addition to the above-mentioned measures, FireServiceRota does a lot more behind the scenes on information security. Many of these are listed in our Business Continuity Plan.

Furthermore, FireServiceRota is fully ISO/IEC 27001 certified, which is the officially recognised standard for information security. This means we have an externally audited Information Security Management System in place, which defines the many detailed policies that we use to protect your information and our systems against threats and vulnerabilities. You can download our certification here.

Would you like to know more about how FireServiceRota puts information safety first? Contact us!

Would you like to report a security issue? Send us an email on security@fireservicerota.com