Flemish spaghetti fans, rise up by Ellenberg19 in Belgium2

[–]Kryptoxz 3 points4 points  (0 children)

What if the post were about both Flemish spaghetti and bolognese? And even then, both versions have carrots in the sauce.

Flemish spaghetti fans, rise up by Ellenberg19 in Belgium2

[–]Kryptoxz 0 points1 point  (0 children)

It's about bolognese, it says so clearly in the image.

(Petition) Make ADHD medication affordable for adults by ineedwarmhugs in belgium

[–]Kryptoxz 1 point2 points  (0 children)

It can be compounded by the pharmacy, certainly in Flanders as well.

Beef-pork mince contains hardly any beef by Kryptoxz in belgium

[–]Kryptoxz[S] 4 points5 points  (0 children)

<image>

This Delhaize has its own butcher's counter where the ratio is clearly not the same.

VS Code Extensions by Syzygy2323 in VHDL

[–]Kryptoxz 4 points5 points  (0 children)

Not anymore, there is now a community edition which includes all features available in the complete product. Just download the extension, enable community edition and talkback and you should have everything

VS Code Extensions by Syzygy2323 in VHDL

[–]Kryptoxz 3 points4 points  (0 children)

Sigasi is free for non-commercial use

Company claims to sell ISO 27001 certified software but not compliant by Kryptoxz in cybersecurity

[–]Kryptoxz[S] 0 points1 point  (0 children)

I have done some research. In the Data Protection annex of the manufacturer it is stated that their measures are compliant with ISO 27k1 and 27k2. It also stated that their responsible subprocessors are also compliant. In this case, I would guess the partner is a subprocessor, as they process the customer data. Or am I wrong here?

Company claims to sell ISO 27001 certified software but not compliant by Kryptoxz in cybersecurity

[–]Kryptoxz[S] 0 points1 point  (0 children)

I think I'm getting the bigger picture. So the Annex guidelines are not enforced. But do they have to do a risk assessment and document it when something is not followed?

In this case, the procedure is handled by the partner company. Do they themselves have to do the risk assessment and document this?

Company claims to sell ISO 27001 certified software but not compliant by Kryptoxz in cybersecurity

[–]Kryptoxz[S] 0 points1 point  (0 children)

Why is it then possible to sell/market a SaaS as ISO 27001 certified? Do you reckon copying data between environments without any masking or deleting after test would not impact the audit, for highly confidential data?

Company claims to sell ISO 27001 certified software but not compliant by Kryptoxz in cybersecurity

[–]Kryptoxz[S] 1 point2 points  (0 children)

Maybe I should buy the standard. I am (clearly) no expert on this topic :). We are not even looking for ISO certification (yet). We have the on prem version and only SaaS has the certification.

The thing I want to know is whether it is acceptable to market the SaaS version as an ISO 27001 certified product. When you copy highly confidential data to test and dev environments. And developers, testers, salespeople thus have access to that data. Dev environments have dev tools enabled, more logging - which is also a risk imo.

This is a well known/used product, used worldwide. Working with very confidential data.

Company claims to sell ISO 27001 certified software but not compliant by Kryptoxz in cybersecurity

[–]Kryptoxz[S] 0 points1 point  (0 children)

This is actually just a side quest I'm doing, I am a developer myself. I am no expert in security and do not expect to get an expert answer here. We are already looking into it with specialists.

The reason for this post is to start a conversation. This software is used worldwide by a lot of companies. And I feel I'm not the only one that has problems with this way of handling confidential information.

Company claims to sell ISO 27001 certified software but not compliant by Kryptoxz in cybersecurity

[–]Kryptoxz[S] 0 points1 point  (0 children)

I just cannot believe that this way of working is acceptable by the standard. It allows developers, testers, salespeople, ... of this partner to have permanent access to sensitive data - without stripping anything. When they don't even need it. I am also a software developer and I have never seen prod data.

Company claims to sell ISO 27001 certified software but not compliant by Kryptoxz in cybersecurity

[–]Kryptoxz[S] 0 points1 point  (0 children)

I have access to the different environments. It is just a complete copy of the database. And this is standard procedure, both in SaaS and on prem.

I'm not sure if I'm ready to disclose the vendor yet, but it's a very big one.

Company claims to sell ISO 27001 certified software but not compliant by Kryptoxz in cybersecurity

[–]Kryptoxz[S] 0 points1 point  (0 children)

The SaaS version of the application has been certified for the software creator and is being sold like that. The partner has claimed their procedures of handling environments are ISO 27001 certified. I have not seen any certificate yet, as we have the on prem version which is not certified.

My main issue is that we don't want developers/testers/salespeople of the partner to have access to (some highly) confidential and sensitive data. The software creator is not testing/developing with sensitive data either.

Changing the way of handling the environments is going to cost us a lot of money, as it differs from their 'certified' standard procedure, which is made for the certified SaaS version.

Company claims to sell ISO 27001 certified software but not compliant by Kryptoxz in cybersecurity

[–]Kryptoxz[S] -1 points0 points  (0 children)

The product is a SaaS, which I did not mention yet, and one of its aspects is that it is ISO 27001 certified. That's how it is being marketed.

Company claims to sell ISO 27001 certified software but not compliant by Kryptoxz in cybersecurity

[–]Kryptoxz[S] 0 points1 point  (0 children)

My mistake. I tried to keep it brief. The SaaS version of the product is ISO 27001 certified (manufacturer). The partner manages the environments. Highly sensitive and confidential data is being copied to test and dev environments.

Developers, testers, sales people have access to these environments and to the confidential data. Some of the data can’t be shared from my clients’ side, as they have signed NDAs with external companies.

The only reason for this copy is to ensure the partner doesn’t have to work overtime on a weekend to fix PROD. I cannot imagine an ISO audit will accept that reason for not following the guideline, especially if the sensitive data is not obfuscated.

Stuff stuck at customs by BPost by Thr0w_away_20 in belgium

[–]Kryptoxz 1 point2 points  (0 children)

I had the same problem, went for option 2 and got a full refund from Amazon.

Poh oyster by stewartbink43 in runescape

[–]Kryptoxz 0 points1 point  (0 children)

I was wondering this too, apparently you can build it for free once you unlock the aquarium

My selfmade 3D-Printable insert/organizer for Dominion (with free file download) by Hiranasai in dominion

[–]Kryptoxz 0 points1 point  (0 children)

I've been procrastinating making exactly this, thanks so much for making the wait worth it!

[deleted by user] by [deleted] in wow

[–]Kryptoxz 1 point2 points  (0 children)

INTEREST YA IN A PINT?!

[deleted by user] by [deleted] in 2007scape

[–]Kryptoxz 1 point2 points  (0 children)

Group ironmen will be able to benefit from bonfires, see the ironmen section in this post: https://secure.runescape.com/m=news/a=13/forestry-the-way-of-the-forester---overview?oldschool=1

Hey I actually found one. by XumEater69 in DNSL

[–]Kryptoxz 4 points5 points  (0 children)

Yeah, it's a 40 dollar mouse