JOIN Zaaktypen focuses on simple, fast and complete management of case types. The information model of JOIN Zaaktypen is based on GEMMA ZTC 2.1. This extensive information model is also applied within other government domains such as water and safety instances. JOIN Zaaktypen is completely integrated with JOIN Case & Document, which allows the case system to be managed entirely with the JOIN Zaaktypen configuration.
Zaaktypen's architecture consists of 2 main components: the Frontend and the JOIN Case and Document Sync service. All case types published from Zaaktypen are sent to the ZTC Sync service via Azure topics for reliable delivery. When the ZTC Sync service receives the message, or at a periodic interval, it retrieves the case types to be synced with JOIN Case and Document. Older case types are archived and always accessible in Zaaktypen.
It also notifies all configured vendors about meeting updates. Using the OData service, vendors can retrieve meeting, metadata and meeting files.
JOIN Zaaktypen uses a cloud IDP service to manage user identities and licensing information. Decos is an ISO-27001 certified company. This well-known security standard prescribes a wide variety of security measures that cover the entire company and all processes. Using an Information Security Management System (ISMS), all processes involved in the development, hosting and support of the JOIN Application are covered.
► Security Policy
► Device Management
► Personnel Management
► Access Management
► Storage & Encryption Management
► Vendor Management
► Incident Management
► And More
Our ISO certification and Statement of Applicability can be shared with customers upon request.
Microsoft Azure is our hosting provider and has a wide variety of ISO certifications. ISO-27001 is one of them. See https://servicetrust.microsoft.com/ for full details.
ISO-27001 ensures that software security is included in our development processes. A security checklist based on the OWASP Top 10 is known to all developers and is part of the Definition of Done (DoD).
Automated security
Additional security is automatically tested using tooling. All developers use OWASP ZAP to scan their applications. The Quality Assurance department monitors the software release candidates using Burp Suite and reports to the Product Owners and Security Officers at Decos.
Apart from testing using tools, all products in the JOIN Suite are subject to an external audit at least once a year. This audit is a requirement for ISO-27001, but it is also a requirement of Logius to be able to link applications to DigiD. The auditors also conduct a thorough penetration test.
Decos also has an internal penetration testing scheme in which the developers try to hack into each other’s applications. This is a recurring process and part of our ISO-27001 procedures.
It is possible that there are still bugs in the released software. We ask ethical hackers to work with us using a Responsible Disclosure Policy. We will reward any security issue that was not yet known to us, as long as the hacker has not abused his findings.
See our Responsible Disclosure Policy online: https://www.decos.com/en/security
All data is captured in a Microsoft Azure Recovery Services Vault with a minimum storage time of 30 days. This applies to all files stored in the applications as well as in the databases.
All data is encrypted at rest. Storage Accounts use Azure Storage Encryption (https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption) and databases are encrypted at rest using Transparent Data Encryption (https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview?tabs=azure-portal).
The recovery point objective (RPO) can be anywhere within the retention period. The recovery time objective (RTO) is considerably limited. Depending on the amount of data being saved, the recovery process is usually completed within an hour.
JOIN Zaaktypen is integrated only with JOIN Case and Document for publishing the case types. But we have the below integrations with other case type configuration systems.
JOIN Zaaktypen is hosted in Microsoft Azure data centres in the Western Europe region. JOIN Zaaktypen is a cloud-only solution and cannot be hosted on site. By leveraging the power of Microsoft Azure, Agenderen's uptime is at least 99.95%.
Zaaktypen's data is stored in the cloud and can be retrieved at any time in the future.
Major browsers like Chrome, Edge and Firefox are supported for JOIN Zaaktypen.