Security

Security is essential for the Registered Email platform to guarantee the privacy of messages and documents. The balance between ensuring both safety and user-friendliness is something that was at the forefront of consideration during the platform’s development.

Information Security

• Aangetekend B.V. and in turn, Neopost is ISO27001 certified by Lloyds Register. ISO27001 is an international standard for information security. The standard describes requirements for the design, implementation, monitoring, evaluation, tracking and improvement of a documented Information Security Management Systems (ISMS). This standard is tested externally every 9 months, which ensures that information security is maintained. Aangetekend B.V. also demands the same standard from its suppliers which Neopost meets.
• Operational Risk Management, Security & Architecture (OSA) processes have been completed for and by various banks and insurance companies
• ‘ Ethical hackers ‘ test the safety of the service on a regular basis (PEN-testing)

Data remains in Europe

• The data centres used by Registered Email are ISO27001 certified and are on European territory within the EEA
• Data protection has been agreed in processing agreements in accordance with the GDPR
• After a Registered Email has been accepted or rejected by the recipient or the retrieval period has expired, the actual content will be deleted from the Registered Email server; only metadata surrounding the communication is saved.

Secure connection between Sender, the Registered Mail server from Sender and the Recipient

• For each organisation/process, a Registered Email server is set up with an SSL certificate allowing a secure connection (secure SMTP) to be established between other mail servers and web pages (https://)
• Registered Emails are stored in an encrypted environment until the mail is retrieved or declined or that the set retrieval period has expired
• Encryption-keys are stored separately from the customer specific environment

Retrieving a Registered Email by the recipient

• Before the Registered Email server releases the mail, a CE-ID (32-bit) is requested; when 3 attempts fail the IP-address is blocked.
• A Hash code (SHA256) will be calculated for all submitted attachments to show – if desired – the authenticity of the message

Updates and management of the Registered Email Servers

• The further development takes place according to a ‘security by design’ principle whereby the OWASP is consulted
• Updates are developed and delivered using an OTAP environment
• Management is conducted preventatively by qualified screened personnel using a monitoring system that monitors the correct operation of each registered mail server at 32 points.
• Secure passwords for SSH access using only known IP addresses for developers
• Anti-SPAM measures are continuously tightened using, among others, Reverse DNS, SPF, SSMTP, DKIM and DMARC

Additional Security measures have been taken around the Registered Email service which are classified as company confidential. More information about our security can be shared on request, after the signature of an NDA.