
Testimonials

Testimonials - find out what our clients think of YetiForce

The satisfaction of our customers with the YetiForce system as well as with the services provided by our company is our priority. We make every effort to ensure that the quality of our services is at the highest level, so that all of our clients can be sure they invested their money properly.

We know that deciding which system or support option to choose is not an easy task. To make this choice easier, we encourage you to read the opinions of our users, showing how our solution helps to optimize business processes in their companies.

Good support team, steady development, free or low priced support. Secure, still pretty fast. Suggestions are taken seriously and it's open source! Continued development with big steps. Still our first choice to advise our clients!

Bastiaan Houtkooper - Zebra Hosting

We are an Italian system integrator and we are using YetiForce for all our CRM projects. We ask all our customers for feedback about their YetiForce experience and the result is always that the application is intuitive, fast and user friendly.

Gianluca Peloso - Milano IT Consulting

YetiForce's extensive set of products promised to cater to all our sales, marketing, management, and support needs. We made the big decision to completely migrate from our previous sales platform to YetiForce, and now we're happy about that move.

Michiel Grotenhuis - Leased.Computer

Feature rich, easy to customize, ability to create your own modules, fast loading (no shaky screen transitions like my old vtiger used to do), superbly integrated with components such as Roundcube.

Chris Soltvedt - CSCloudSolutions

Yetiforce is not only loaded with lots of extremely useful modules, but its code has been swept with all residue bad and unnecessary code produced by "older brother".

Markus Derek - Thai Brand

I recommend YetiForce to everyone who is looking for a reliable, secure, free, and open source CRM that can do as much as the commercial ones can.

Sławomir Kownacki - TeleCom

Easy to install and to manage. Easy to customize. Great GitHub site. A lot of functions. It's free. It would be the best CRM.

Luis Cuevas - Cable Servicios

This is a really amazing CRM, which does a better job for my company! Easy to install, easy to use and with a great community!

Alonso Entrerios - Aletres

I consider Yetiforce CRM a very powerful platform that can significantly increase the productivity of any business.

Roberto Lombardi - Simple Solutions

YetiForce employees carried out an in-depth and professional analysis of our needs and modified selected elements of the system according to our requirements.

Jacek Godźwa - Concept Sp z o.o.

Thanks to a thorough analysis of our needs, we received a system fully tailored to our requirements, and our expectations regarding functionality were completely met.

Sebastian Kozłowski - Bridge Agency

The project was carried out in accordance with the Agile methodology, and in addition the scope of work and its timeliness were in line with the contract.

Piotr Piotrowski - Point Sp z o.o.

In my opinion, simply the best of the open-source alternatives I've seen. Very customizable and an out-of-the-box, fully usable, featured solution.
I've seen and used a lot of free alternatives, but this one takes the cake. A fully featured suite with all you'll ever need. If your business is small like mine, you can slim it down to suit your needs. Highly customizable with a very large and supportive community.

Rui Strecht - Aliartalentos

I've been using Yetiforce CRM for 1 year and its evolution is fast with new added features. An excellent CRM software.

Valmir Trindade - TTCA Soluções

Very useful software. Just in few clicks and ready to start your own business. Github contacts fast and ready to react on all the problems. I think it's great.

Eugene Yaremenko - Firm TiM

Complete solution for our own custom CRM. - It is totally free!!! - We can have YetiForce team to help build our own custom CRM with some fees, but it is considered cheap.

Nando Lim - PT. Visi Teknologi Asia

Great, easy to use and configure to match your needs. Never failed. It is open source so if I want to add some functionality I just write my own module. It has also lots of features already built in, which are normally extra paid. It allowed me to customize it according to my needs.
I did not really find anything that would make me unhappy about this CRM. Every problem I came across and could not solve it myself, was usually fixed in the next release of CRM.

Eugene Yaremenko - D&T BROTHERS SP Z O.O.

It is an excellent tool. I have worked for years with vtiger and YetiForce far surpasses it. I recommend YetiForce 100%.

Nicolas Alfonso - VR4

Project management and product catalog I can find and use easily. All software is like a puzzle you want to match with pleasure.

Jakub Niewiadomski - Mediaeste

CRM is fully customised which makes it suitable for all our activities. Team has demonstrated good understanding of our business needs, contact with the vendor is easy. Documentation for implementation was well thought-over. This system is user friendly, despite its technical complexity. We will continue cooperation with YetiForce. It keeps our document and information circulation much easier.

Piotr Woźny - OmniOffice

I used a couple of different CRM apps before, both free and paid but they were never enough. If they were free they didn't have everything I needed, if they had everything I needed they were simply too expensive. Yeti Force, however, beats them all. I had a few issues at the very beginning but they were fixed pretty quickly and it's been working well ever since. Great project management features, free support, allows you to enable/disable modules and add custom ones.

Arkadiusz Dudek - Monobit Arkadiusz Dudek

Great cooperation with YetiForce! They moved our business to a new level with their software.
Customization for our needs is splendid! We can create new features which we need almost on demand.

Maciej Brener - Point Sp. z o.o.

Easy to use and good customer support. The flexibility of the system: you can add fields in the modules very simply. You can make your own modules very simply. We use it for our operational process, working with tickets and service contracts.

Alex van Woesik - Entelec Control Systems

It is easy to set up and use, nice GUI, excellent and elastic support. They can implement a custom module for you. I recommend this product.

Piotr Kujawka - Follow You

We have been using YetiForce for a couple of years and it has never let us down. It is quick and intuitive. The producer offers several support options, including free support. It is a decent application that requires no subscription or license fees. I would recommend it to everyone who is looking for a reliable open source CRM.

Sebastian Kozłowski - Bridge Agency Overseas Education Centre PTY LTD


I found YetiForce a little bit over a year ago and decided to give it a try. The developer always surprises us with something great. For example the latest version brought a record preview functionality that I've been waiting for for a long time. It saves us a lot of time (and clicks) on a daily basis.

Krzysztof Krzaczkowski - AK-FUTURE Sp. z o.o.

It really has amazing functionality once you set it up to fit your business. I have been using it for almost 2 years and there was never a thought to find a replacement for this CRM. Especially that there are modules that aren't free in other systems and you can have an unlimited number of users also for free.

Zuzanna Siwecka - E-House Sp. z o.o.

YetiForce offers a great functionality that makes a lot of things related to customers service very easy, quick and smooth when it comes to running a business. It is clear and quick to use, does not pose any problems when finding desired functionality. A big plus for having as many users as we need, costless.

Dorota Rydz - Think Poland Sp. z o.o.

It's very flexible and open source, you can modify whatever sections of it, if you want. Moreover, its front-end skin and structure are stylish, beautiful, web 2.0 colors, and you can connect it to your mobile application (Android and iOS), to create an integrated system for your company.
We are using this software for handling our related issues processes in marketing, sales, and products management. It has many modules, so you don't need to worry about any limitation in the powerful back-end. This software lets you manage your data related to marketing, customer support, products and more.

Ali Bonakdar - CATRA Co.

Great product, and for free! Great choice for any business!
All necessary modules, widgets and features are already in the system for free, the developers also provide free help. The system is quite easy to install and manage and it's very user friendly when properly configured. One of the factors that made us choose YetiForce is their beneficial license. The app is fast, secure, looks good and works well.

Mariusz Figiel - MORE Advertising Group

Yetiforce was extremely easy to install and is leaps and bounds above other CRM solutions
I installed vTiger for a Client who lives on the East Coast. It took me over 24 working hours to get vtiger installed and initially setup correctly (by suppressing error messages, lots of // in the code). YetiForce requirements and install was extremely straight forward and easy to get setup.

Steven Bouillon - NetstatFX

Splendid software with plenty of features, all very useful in your customer's service.
Offline installation, safe code, many many many features (you're good when you use 10% of them), nice responsive interface, e-mail integration, customization, ease of maintenance and backup.

Paweł Wyszomirski - SKL Plus sp. z o.o.

Very complete tool for handling customer information
What I like about Yetiforce, is that although it is a free download tool, it is very complete and intuitive.

Italo Pedrosa - Citibank

YetiForce has a lot of versatile functionalities and tools that can be easily found in the application. It's also fairly easy to manage from the administrator's perspective. Updates and new features are released quite regularly. The application is free and opensource so the possibilities are endless.

Magdalena Kozaczuk - Promesa Plus Sp. z o.o.

I have 14 years of experience in Open Source CRM and this has been very impressive from the beginning. It has many fine features and clean and functional layouts. Easy to administrate, when first learned to use its diverse functions. Convenient functions to make own translations, custom modules, relations between modules and fields, widgets, colouring importing records, etc., etc. Relative quick reacting in reported issues.

Kimmo Paulaharju - Tigersoft
  • PwC

  • Bridge Agency

  • PromoNotes

  • Promesa

  • Concept

  • E House

  • Ministerstwo Przedsiębiorczości i Technologii

  • Smart Internet Solutions

  • Point

  • Think Poland


Awards

YetiForce's awards

YetiForce CRM keeps developing constantly, at the same time gaining recognition in various competitions and rankings. Our efforts not only have been noticed in Poland, but also on the international market. Each year our system wins numerous prestigious awards and gets ranked at the highest places in important industry competitions. We decided to list them all in one place and describe them in detail.

Capterra - Most Affordable CRM Software in the World in 2017

Capterra is an independent platform where registered users can share their opinions and experience with software they have had the chance to use. The applications are divided into over 700 categories, and there are hundreds of different programs to manage customer relationships in the CRM group itself. Each year Capterra releases a ranking of the best applications in all categories.

YetiForce CRM won 1st place in the Most Affordable CRM category.

It was the first time we took part in this ranking, which made us even more excited about the distinction. This title is one of the most important awards won by YetiForce CRM.

While determining the position in the ranking, the average monthly cost of software, the total number of system functions for this price and customer feedback were taken into consideration. We scored 12 points out of 12! This confirms that YetiForce CRM is the most functional and at the same time the most affordable CRM system in the world.

Here you can find out more about the ranking.

SoftwareAdvice - FrontRunners 2019 for CRM Software

SoftwareAdvice is a service that helps you find the most fitting software to facilitate processes in the company. Twice a year the service publishes a report that includes the best software, based on reviews left by the users.

Nearly 600 CRM systems were analysed, and those that achieved the highest results in terms of usability and user recommendation were placed in the “Front Runners” group. One of the conditions of being included in the final report was obtaining at least 20 reviews within the past 18 months and achieving the minimal threshold as far as ratings are concerned. The applications had to also offer a basic set of functionalities - for example contact management, interaction tracking, and leads management.

YetiForce CRM scored 4.64/5 in terms of usability and 4.39/5 from users’ reviews. In the final tally we were placed in the top ten with a final score of 9.03/10. High user ratings and the vast functionalities offered by YetiForce CRM are what helped us achieve such a high score.

Here you can find out more about the report.

G2 Crowd - High Performer in CRM Category

G2 Crowd is one of the most influential platforms to verify business solutions, and it includes over 170 000 reviews. The “High Performer” title is awarded to products that received high scores from the users, but have not achieved high enough market share to be placed in the “Leader” category.

Each quarter G2 Crowd prepares a new ranking, and once again our software was placed in the “High Performer” category. Our presence on this list is mostly due to all the positive reviews left by the users. It is not the first time for YetiForce CRM to be named a leader in the CRM category. It confirms that our application is one of the most valued solutions for customer management.

Here you can find out more about the ranking.

SoftwareWorld - Top Rated Online CRM Software

SoftwareWorld is a platform that created a ranking of the best CRM systems based on the offered functionalities and user ratings collected from other websites. By using reviews from sites like Capterra or G2 Crowd, the results are more accurate because they are calculated based on a larger number of reviews.

YetiForce CRM ranked 10th in this ranking, ahead of competitors such as Vtiger and Bitrix24.

Here you can find out more about the ranking.

PROCON Awards - Supplier of the Year 2017 in IT Category

The PROCON Awards competition is an extremely reliable assessment of the quality of customer service offered by IT companies from the Polish market. Scoring was based on surveys, in which our clients evaluated our cooperation.

The jury of the competition recognized YetiForce as the best supplier in the IT category in 2017, appreciating our individual approach to the client.

The competition has been organized since 2014, and the goal of this prestigious event is to award the best solution providers in three categories: IT, Logistics and Creative Services.

Here you can find out more about the PROCON Awards.

FinancesOnline - Great User Experience Provider

FinancesOnline is a platform that allows users to evaluate and compare various B2B applications. A list of the most popular solutions in individual categories is created by using a proprietary algorithm that takes into account opinions from social media. The most outstanding applications in their respective areas are awarded.

YetiForce CRM received the "Great User Experience Provider" title.

The prize is awarded for significant progress in prioritizing user experience. Experts evaluated how easy it is to start using the application and how user-friendly the interface is. Once again the flexible configuration of YetiForce CRM functionality stood out. Thanks to this, the system can be adapted to the needs of companies of all sizes.

Here you can find out more about our title.

FinancesOnline - Rising Star Among CRM Systems

Another award given to YetiForce CRM by FinancesOnline is the "Rising Star" distinction in the Customer Relationship Management category.

The "Rising Star" award is given to new products that have recently become popular and recognized as effective solutions. In addition, they are products that actively innovate and implement new functionalities.

Here you can find out more about our title.

SymfonyInsight - Platinum Medal

Symfony developers have created a tool that allows full control over the software based on static code analysis. The application is evaluated in accordance with 112 control points checking its safety, reliability and compliance with standards and good practices.

YetiForce CRM is one of the few systems that meet all 112 control points, which ultimately led to us receiving the platinum medal.

It is worth emphasizing that the average number of errors in other popular CRM programs is 15,000.

Here you can find out more about the medals.


Privacy policy

You entrust us with your data by using our services. We understand that this is a great responsibility, and we do everything in our power to ensure data safety and allow you to control it.


§1 WHO HAS ACCESS TO YOUR DATA

  1. The data administrator is YetiForce S.A. [al. Jana Pawła II, 00-133 Warsaw, TAX ID: 118-000-24-25].
  2. In exceptional cases, our trusted partners can also be granted access to data, including:
    • Server room and equipment: Atman sp. z o.o. (www.atman.pl)
    • Accounting/HR: Credos Accounting Services sp. z o.o. [ul. Domaniewska 47, 02-672 Warszawa, NIP: 5272672650]. 
  3. The data may be made available to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.

If you have questions about the data we process that concern you, send us an e-mail or send a letter to the headquarters of YetiForce S.A.; we will happily answer all your questions.

§2 OBJECTIVES AND LEGAL BASIS FOR DATA PROCESSING IN YETIFORCE S.A.

  1. We collect only the minimum data that is necessary or relevant to us under the conditions described below.
  2. Websites - we collect only minimal information about the user visiting our website, i.e. session ID, IP address, browser information, and in the case of logged in users also name, surname and e-mail address. The data are collected for analytical and statistical purposes and for the purpose of providing electronic services in the scope of making the content collected on the Website available to Users.
    • The legal basis for processing is the necessity of processing to perform the service contract (Article 6 (1) (f) of the GDPR).
  3. The data processing period depends on the legitimate interest of the controller. The data processing period lasts until the Administrator loses the legitimate interest - but no more than 5 years. After the processing period, the data is irreversibly deleted or anonymized.
  4. Webforms - in the case of contacting us using electronic contact forms, it is required to provide data, i.e. name, surname, e-mail address, telephone number, content of the inquiry, and additionally we collect data, i.e. the IP address from which the inquiry came, date and time, unique session identifier and basic information about the browser. The User may also provide other data in order to facilitate contact or handling the inquiry.
    • The legal basis for processing is the necessity of processing to perform the service contract (Article 6 (1) (b) of the GDPR).
    • In addition, in the scope of data that are not necessary to make contact or handle the inquiry - the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR), which can be withdrawn at any time, in accordance with § 4.
    • The data processing period lasts for the period of performance of the contract, and after its completion until the limitation period for the mutual claims of the Parties, and in the case of personal data processing on the basis of consent - until its revocation. The data processing period may be extended if processing is necessary to establish and pursue any claims or defend against them, and after that time only if and to the extent required by law. After the processing period, the data is irreversibly deleted or anonymized.
  5. Email - in case of contacting us via email, it is required to provide data, i.e. email address and message. Other data we collect: the IP address where the query originated, the date and time, a unique session identifier and the full header and content of the email along with attachments. The User may also provide other data in order to facilitate contact or handle the inquiry.
    • The legal basis for processing is the necessity of processing to take action at the request of the contacting person or in order to perform a contract for the provision of a service. (Article 6 (1) (b) of the GDPR).
    • In addition, in the case of data that are not necessary to make contact or handle the inquiry - the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR).
    • The data processing period lasts for the period necessary to establish and maintain contact or for the period of performance of the contract, and after its completion until the limitation period for the mutual claims of the Parties. In the case of processing personal data on the basis of consent - until its withdrawal. The data processing period may be extended if the processing is necessary to establish and pursue possible claims or defend against them, and after that time only if and to the extent required by law. After the above-mentioned processing period, the data is irreversibly deleted or anonymized.
  6. Newsletter - the user can subscribe to the newsletter on their own, directly via the website or directly from the CRM system. In both cases, we collect data, i.e. name, surname, e-mail address, IP address where the inquiries originated, date and time, unique session ID and basic information about the browser. 
    • The legal basis for processing is the User's consent (Article 6(1)(a) of the GDPR), which may be withdrawn by the User at any time, in accordance with § 4.
    • The data is processed until the consent is withdrawn or after a period of 24 months of inactivity for the newsletter. The period of data processing may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
  7. Social media portals - the Administrator processes the personal data of Users visiting the Administrator's profiles in social media (LinkedIn, Facebook, Twitter, GitHub). This data is processed only in connection with maintaining the profile and on the privacy principles specified in the relevant documents regarding these social media.
    • The legal basis for processing personal data by the Administrator for this purpose is the Administrator’s legitimate interest (Article 6 (1) (f) of the GDPR) to promote their own brand.
    • In addition, in the scope of data that are not necessary to make contact or handle the inquiry - the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR).
    • The data processing period depends on the legitimate interest of the controller. The data processing period lasts until the Administrator loses the legitimate interest - but no more than 5 years, and in the case of consent - until it is withdrawn. The data processing period may be extended if processing is necessary to establish and pursue any claims or defend against them, and after that time only if and to the extent required by law. After the above-mentioned processing period, the data is irreversibly deleted or anonymized. Please remember that in the case of social networking sites, the owners of these sites are also data administrators and have their own regulations regarding data processing, which you should read. YetiForce is not responsible for the manner of data processing by the above-mentioned entities.
  8. YetiForce system registration and product registration - the administrator processes data from CRM systems, which are sent automatically from the user's system to the Administrator's system using the API. In the case of offline systems [without internet access], the Administrator processes the data provided below on the basis of e-mail correspondence between the user and the administrator. Below is a list of processed data:
    • System registration: system version, app id, crm id, default language, time zone, company size, supplier, company / person name, tax id, address data, company website, links to social media. 
    • Product registration: system version, app id, crm id, supplier, company size, registration date, registration time, registration status, system key, last error date, last error message, list of purchased products.
    • The legal basis for processing personal data by the Administrator for this purpose is the agreement concluded with the User when installing the system. In addition, in the scope of data that are not necessary and do not result directly from the agreement, the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR).
    • The data processing period is 6 years. The period of data processing may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymized.
  9. Server and application logs - [incoming and outgoing queries] as well as server and application logs are stored for the purpose of possible determination and pursuit of claims or defense against them. The data collected in the logs include: IP address, date and time, requested URL, browser information and a unique identifier.
    • The legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) to protect their rights.
    • The data processing period depends on the legitimate interest of the controller. The data processing period lasts until the Administrator loses his legitimate interest - but no longer than 5 years. The data processing period may be extended if processing is necessary to establish and pursue any claims or defend against them, and after that time only if and to the extent required by law. After the above-mentioned processing period, the data is irreversibly deleted or anonymized.

§3 COOKIES

  1. Cookie files
    • The YetiForce website, like almost all other websites, uses cookies, which are small text information stored on the User's end device (e.g. computer, tablet, smartphone), which can be read by the Administrator's IT system (own cookies) or the ICT of third parties (third-party cookies).
    • Cookies are used to ensure the proper display of the website, as well as to adapt the content to the User's choices that are technically important for the operation of the website, e.g. the selected language, and to remember whether consent has been given to display certain content.
    • Basic cookies are installed if the User consents via the software settings installed on his or her electronic device. Basic cookies include technical and analytical cookies.
    • Technical cookies ensure proper functioning of the website.
    • Analytical cookies are used to measure the effectiveness of marketing activities without identifying personal data and to improve the functioning of the website. Thanks to analytical cookies, it is possible to examine website traffic statistics and check the source of traffic, as well as detect abuses, such as the operation of bots. Session cookies remain on the User's device until they leave the website or turn off the software (web browser).
    • Persistent cookies remain on the User's device for the time specified in the file parameters or until they are manually deleted by the User.

  2. Cookie consent.
    • During the first visit to the website, the User is shown information about the use of cookies and asked for consent to the use of these files. Thanks to a special tool, the User can manage cookies from the website, disabling individual cookies.
    • Moreover, the User can always change cookie settings from his browser or delete cookies altogether. Browsers manage cookie settings in different ways. In the auxiliary menu of the web browser, the User can find explanations about changing cookie settings.
    • Please remember that disabling or limiting the use of cookies may cause difficulties in using the YetiForce website, as well as many other websites that use cookies. 

§4 RIGHTS OF THE DATA OWNER

  1. The User has the right to: access the data and request rectification, deletion, processing restrictions, the right to transfer data and the right to object to data processing, as well as the right to lodge a complaint to the supervisory body dealing with the protection of personal data (President of the Personal Data Protection Office).
  2. To the extent that the User's data is processed on the basis of consent, it can be withdrawn at any time by contacting the Administrator, which does not affect the lawfulness of data processing before its withdrawal.
  3. The User has the right to object to the processing of data for marketing purposes, if the processing takes place in connection with the legitimate interest of the Administrator, and - for reasons related to the particular situation of the User - in other cases where the legal basis for data processing is the legitimate interest of the Administrator (e.g. in connection with the implementation of analytical and statistical purposes).

If you want to exercise your rights, send us an e-mail or a letter to the headquarters of YetiForce S.A.; we will happily answer all your questions.

§5 SECURITY OF PERSONAL DATA

  1. The administrator conducts a risk analysis on an ongoing basis to ensure that personal data is processed in a safe manner - ensuring, above all, that only authorized individuals have access to the data and only to the extent that it is necessary due to the tasks they perform. The administrator makes sure that all operations on personal data are recorded and performed only by authorized employees and associates.
  2. The administrator takes all necessary steps to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process personal data at the request of the Administrator.

§6 LIST OF TECHNICAL AND ORGANIZATIONAL MEASURES

The following list of technical and organizational measures may apply to either part of the organization or the whole, depending on the needs and the data that are processed and protected. For example: "Risk management procedures [ISO 27005] have been implemented" refers only to the server room where data is processed. Below is the full list:

  • Implemented a safety management system
  • Implemented regular security audits
    • External audits (certificates, attestations, customer audits)
    • Internal audits, carried out by internal or external auditors
    • Technical audits (penetration tests, vulnerability scans, code reviews) conducted by internal or external auditors
    • Audits of third party activities, carried out by the person responsible for managing third parties
    • Data center audits carried out by internal auditors
    • Security audits to verify the infrastructure and network performed by the Data Administrator
  • Implemented risk management procedures [ISO 27005]
  • Implemented change management procedures
    • Roles and responsibilities are clearly defined;
    • Classification criteria have been defined to identify the stages that should be followed when introducing a change;
    • Principles of priority management are applied;
    • Risk analysis related to changes is carried out (if the risk is identified, the Security Manager and Risk Manager are involved in approving the change);
    • Penetration tests are optionally performed (if applicable);
    • The change is planned and programmed with clients (if applicable);
    • The implementation is carried out gradually (1/10/100/1000) and, in case of risk, a procedure for returning to the previous state is provided;
    • An a posteriori review of the individual resources affected by the change is carried out;
    • All stages are documented in the change management tool.
  • Implemented internal procedures for developers: appropriate, documented procedures have been introduced. They describe the principles of secure development, "privacy by design" measures and the code review policy (vulnerability detection, error handling, access and records management, storage and communication security).
  • Monitoring services and infrastructure:
    • Detection of failures related to production and safety;
    • Control of critical functions and sending warning messages to the supervisory system;
    • Notification of responsible persons and initiation of appropriate procedures;
    • Guaranteeing the continuity of service operation in relation to automated activities;
    • Ensuring the integrity of monitored resources.
  • Implemented a failure management process to prevent, detect and deal with failures occurring in the service management infrastructures and within the service itself.
    • Documentation of the qualification of security events;
    • Handling security events;
    • Simulation exercises for the crisis unit;
    • Emergency response plan tests;
    • Communication with customers carried out by the crisis unit.
  • Implemented a vulnerability management process:
    • Information websites;
    • Warnings from creators and producers of implemented solutions;
    • Incidents and observations reported by operational teams, third parties or customers;
    • Regularly performed internal and external vulnerability scans;
    • Technical audits, as well as code and configuration reviews.
  • Implemented a process and procedures to ensure continuity of infrastructure operation (availability of equipment, applications and operational processes):
  • Introduced measures to counteract natural and environmental threats:
    • Installation of lightning rods to limit the effects of electromagnetic waves;
    • Location of rooms in zones not at risk of flooding and without seismic risk;
    • Installation of uninterruptible power supplies (UPS) with appropriate capacity and backup transformers with automatic power switch;
    • Automatic load switching to generators with 24-hour endurance;
    • Installation of a liquid server cooling system (98% of server rooms do not have AC);
    • Installation of heating, ventilation and air conditioning units (HVAC system) to maintain constant temperature and humidity levels;
    • Fire detection system management (fire drills are conducted in data centers every 6 months).
  • Physical access to the facilities is based on strict perimeter protection, active from the area entrance zone. Each room is classified accordingly:
    • Private areas;
    • Offices available to all employees and registered visitors;
    • Offices under strict supervision, with access limited to specific people;
    • Zones that house data center equipment;
    • Strictly supervised areas in data centers;
    • Data center zones where critical services are located.
  • Implemented measures to control access to physical facilities
    • Access Rights Policy;
    • Walls (or their functional equivalent) between individual zones;
    • Cameras installed at entry and exit points of the facility, as well as in server rooms;
    • Protected entrances, controlled with access card readers;
    • Barriers with laser beams in parking lots;
    • Motion sensors;
    • Anti-theft mechanisms installed at entry and exit points of data centers;
    • Presence detection mechanisms (24/7 physical protection and monitoring);
    • A permanent surveillance center controlling the opening and closing of doors.
  • Physical access control is based on an access card system. Each card is linked to a specific account, which in turn is linked to a given person. This way you can identify every person in the premises and authenticate the control mechanisms:
    • Each person entering the facilities must have an access card with identification data encoded on it;
    • The identity of the person must be verified each time before an access card is issued;
    • In facilities, each person must carry the card in such a way that it is visible;
    • Access cards cannot contain the holder's name or company name;
    • The access card must enable immediate identification of the category of person staying on the premises (employee, third party, temporary access, guest);
    • The access card is deactivated immediately after its holder loses the right to access the facilities;
    • The employee's access card is activated for the duration of the employment contract; for other categories it is automatically deactivated after a certain period of time;
    • An access card that is not used for a period of three weeks is automatically deactivated.
  • Managing access to individual zones
    • The doors are connected to the central access rights management system;
    • The card needs to be presented to the reader to unlock the door;
    • Each person's right of access is verified when the card is read by the reader;
    • In the event of a failure of the central access rights management system, the permissions configured at the time of the incident are valid for the duration of the incident;
    • The door locks are protected against power outages and remain closed in such situations.
    • Keys are stored in centralized places with limited access, separate for each facility, equipped with a depository;
    • Each key is identified by a label; an inventory of keys is kept;
    • The use of each key is tracked and traced using a special mechanism or paper log;
    • The key depository is checked daily according to the inventory.
    • Each airlock is equipped with two doors and a limited area between checkpoints, which ensures that only one person can pass through at a time;
    • One door opens only when the other is closed (mantrap);
    • The airlocks use the same access card system as the other doors and operate on the same principles;
    • Presence detection mechanisms check whether there is only one person inside the airlock (anti-piggybacking);
    • The system is configured to prevent the card from being used for multiple entries or exits (anti-passback);
    • A camera placed near the airlock monitors people entering.
    • Goods may be brought into data centers only through zones designated for this purpose:
    • The delivery area is configured in the same way as the personnel airlock, differing only in its larger surface area, lack of volume and weight control and the fact that access card readers are only installed outside;
    • Only goods pass through the delivery area; people must pass through the personnel airlock;
    • A camera with no dead angles is placed in the delivery area.
  • Third party physical access management
    • Each visit must be registered in advance;
    • Third parties are always accompanied by an employee, who is responsible for them;
    • The identity of each person is checked before entering the facility;
    • Each third party is assigned a personal access card for one day, which they must return before leaving the facility;
    • All persons must carry their access cards in a visible manner;
    • Access cards are automatically deactivated at the end of the visit.
  • Raising awareness and training employees
    • Employee teams affected by these issues receive appropriate training every year;
    • Every year, training is held for specific employee teams on how to conduct audits;
    • Training courses for specific employee teams regarding technical services are held every year;
    • When new employees are hired, training is organized to raise awareness of issues related to information system (IS) security;
    • Safety-related messages are regularly addressed to all employees;
    • Test campaigns are organized to ensure that all employees respond appropriately in a threat situation.
  • Control of logical access to information systems
    • Permissions are granted and monitored by managers in accordance with the principle of least privilege and the principle of gradually gaining trust;
    • All permissions are, whenever possible, assigned to roles, not individual persons;
    • Management of access rights and authorizations assigned to a user or system is based on the registration, modification and cancellation procedure, which applies to managers, the internal IT department and the HR department;
    • All employees use personal accounts;
    • Connection sessions always have a specific expiration time that depends on each application;
    • User identities are verified before any change to authentication methods;
    • If an employee loses their password, only their supervisor and the Security Manager are authorized to reset the password;
    • User accounts are automatically deactivated if the password is not renewed after 90 days;
    • The use of default, general, and anonymous accounts is prohibited;
    • A strict password policy is implemented;
    • The user does not choose their own password: a password generator is used for this purpose;
    • The minimum password length is 10 alphanumeric characters;
    • The password must be renewed every 3 months;
    • Storing passwords in unencrypted files, web browsers or writing them down on paper is prohibited;
    • It is mandatory to use a local password management program approved by security teams;
    • Each remote access to the information system is carried out via VPN, requiring the entry of a password known only to the user and a shared key configured in the workstation.
  • Managing access of administrative staff to production platforms
    • Any access by administrative staff to the production system is done via bastion;
    • Administrators connect to bastions via SSH using a pair of individual and named public and private keys;
    • Connection to the target system is made either through a shared service account or through a named account via bastions;
    • The use of default accounts on systems and devices is prohibited;
    • Two-step verification, along with full monitoring, is mandatory in the case of remote access by administrative staff and employee access to sensitive circuits;
    • Administrators, in addition to the standard user account, have an account dedicated exclusively to administrative tasks;
    • Permissions are granted and monitored by managers in accordance with the principle of least privilege and the principle of gradually gaining trust;
    • SSH keys are protected by a password that meets security policy requirements;
    • In cooperation with the relevant services, a regular review of authorizations and access is carried out.
  • Access control to the Panel
    • The password selected by the customer must meet the complexity criteria specified in the user interface;
    • Only password hashes are stored on the servers;
    • The server room offers the option of activating two-step verification in the Customer Panel using a one-time password (OTP) system sent in SMS messages, a mobile application or a compatible U2F key.
    • The Customer may limit access to his Customer Panel only to previously specified IP addresses;
    • API access tokens can be used for their validity period without the need to subject them to additional controls;
    • All customer activities in the Customer Panel or API are recorded;
    • The customer can separate technical and administrative tasks related to service management.
  • Workplace safety and mobile equipment safety
    • Automatic update management;
    • Installing and updating an antivirus program and regular scanning;
    • Installation of applications from the approved directory only;
    • Systematic encryption of hard drives;
    • No administrative rights for employees in relation to their workstations;
    • Procedure for dealing with a potentially endangered workstation;
    • Standardization of equipment;
    • Procedure for deleting sessions and resetting workstations after an employee leaves the company.
    • Mandatory registration of devices in the central management system before connecting to internal resources (WiFi, e-mail, calendars, address books, etc.);
    • Verification of the security policy used in the device (unlocking code, blocking time, encryption of stored content);
    • Procedure for remotely wiping devices in case of theft or loss.
    • Securing standard workstations
    • Securing mobile devices
  • Network security
    • Maintaining inventory within the configuration management database;
    • The process of securing a system, called hardening, with guides describing the parameters that need to be modified to ensure a secure configuration;
    • Access to Hardware Administrator features is restricted based on checklists;
    • All devices are administered through Bastion, according to the principle of least privilege;
    • All network hardware settings are retained in backups;
    • Logs are continuously collected, centralized and monitored by the network operations team;
    • Configuration implementation is automated based on approved templates.
  • Business continuity management
    • All systems and data necessary to ensure continuity of services, to reconstruct the information system or to conduct analysis after a failure are saved (technical and administrative database files, activity logs, source codes of internally developed applications, server, application and hardware settings, etc.);
    • The frequency, time and storage methods of backups are defined according to the needs of each saved resource;
    • The backup process is monitored and covered by a warning and error management system.
  • Recommendations for the client responsible for data processing
    • Backup and centralized log storage;
    • Viewing logs and analyzing them by a limited number of authorized persons in accordance with the policy of granting permissions and managing access;
    • Division of tasks between teams responsible for operations performed on the monitoring infrastructure and teams responsible for operating the service. Below is a list of activities covered by the obligation to keep records:
      • Logs of backup servers where customer data is hosted;
      • Logs of machines managing the client's infrastructure;
      • Machine logs for monitoring infrastructures;
      • Logs of antivirus programs installed on all machines;
      • Log and system integrity checks, if applicable;
      • Tasks and events performed by the client in its infrastructure;
      • Network intrusion detection logs and alerts, if applicable;
      • Network device logs;
      • Logs of surveillance camera infrastructure;
      • Administrator machine logs;
      • Time server logs;
      • Access card reader logs;
      • Bastion logs.

§7 CHANGES TO THE PRIVACY POLICY

Questions and concerns regarding this Privacy Policy can be submitted by e-mail.

  • The privacy policy is constantly verified and updated, if necessary. The current version has been adopted and is valid from March 1, 2024.

YetiForce S.A.
al. Jana Pawła II 22,
00-133 Warszawa, Polska

+48 884 999 998

NIP: 118-000-24-25
KRS: 0000940956
REGON: 008163492

