Security concerns
Security is a key concern for us and is part of our continuous improvement process.
What type of software is Hackolade Studio?
Our software product is of the type Commercial Off-The-Shelf (COTS) in the form of a downloadable client installed on individual workstations. It is NOT a SaaS (Software-as-a-Service) solution that would collect or store information. We collect, process or store NO data models, NO telemetry, NO personal information of any kind. No data comes out of your network, and we do not collect or store anything on any server.
Here's an architecture diagram to illustrate:
The purpose of the software is for data modeling of SQL and NoSQL databases, APIs, and storage formats.
Compliance certifications or accreditation like SOC 2 Type 2 or 3, or ISO 27001: what are Hackolade's internal controls related to: network security, security personnel, data security, operational security, risk management, asset management, business continuity, and disaster recovery?
The architecture of our solution must be taken into account. Hackolade Studio is a downloadable COTS client, and NOT a Software-as-a-Service solution that would store your data or data models. Also, our software has no telemetry, meaning that no information goes outside of your network. We don’t collect or store any of your information, except for the license key-related information as described in our Privacy Policy.
The application runs with no backend and no data storage. As a result, typical SaaS-related security assessments just don’t apply to us. Our software, since it is installed on hardware controlled by you, relies on your own security measures and controls.
As it seems to not be sufficient for some that we collect or store absolutely no data models or data from customers, we have completed a full security assessment with Risk Ledger, sort of a certification that our "Fort Knox" contains no gold...
Hackolade Studio is now also available in the browser. Is that not a SaaS solution?
The general understanding of SaaS solutions is that the provider stores customer data.
As a matter of fact, we tend to think that SaaS is a bit of a misnomer, as it implies not just "software as a service" but "software and data storage as a service". As data modelers, we know how important it is to match the right name with the meaning...
Hackolade Studio is a pioneer of what we call a "Bring Your Own Storage" solution for a true SaaS approach:
Read all the details of our security-first browser deployment.
Is Hackolade subject to DORA regulation?
The Digital Operational Resilience Act (DORA), officially known as Regulation (EU) 2022/2554, is a European Union regulation aimed at enhancing the digital operational resilience of the financial sector. It establishes a comprehensive framework for managing information and communication technology (ICT) risks, ensuring that financial entities can withstand, respond to, and recover from ICT-related disruptions such as cyberattacks or system failures.
As already established with several European customers in the financial sector, Hackolade is not subject to DORA because we sell a product and we do not provide ICT services. Additionally, the product is not mission-critical, and its architecture is such that there is no single point of failure, as the client software is distributed to each user's workstation. And as demonstrated above on this page, we do not collect, process, or store any customer data. And we do not have any servers or databases.