Secure and Scalable | Olli

Secure

OLLI has been designed from the ground up with security in mind and follows the guidelines of the OWASP Application Security Verification Standard (ASVS). This international standard provides clear quality criteria for the development of secure software, ranging from authentication and session management to data storage and communication. By consistently applying these standards, OLLI's security does not depend on individual measures, but is structurally built into the architecture.

This means that every layer of OLLI—from infrastructure and APIs to user interfaces—has been tested against robust security principles. These include encrypted data storage, secure protocols for data transport, and strict access and authorization mechanisms. This allows organizations to trust that their data and processes in OLLI are not only managed practically and efficiently, but also meet the highest security standards.

Plan Demo

Scalable

OLLI is built for growth and flexibility. The platform runs on a state-of-the-art cloud infrastructure that not only guarantees high performance and reliability, but also effortlessly adapts to the scale of your organization. Whether you have a small number of users or thousands, with OLLI you don't have to compromise on speed or availability.

Thanks to the virtually unlimited expansion possibilities of the cloud platform, capacity can easily be scaled up when demand increases, for example during peak periods or rapid international growth. This means OLLI is always ready to grow with your ambitions, while you benefit from a stable, secure, and future-proof environment.

Information security

The OWASP Application Security Verification Standard (ASVS) Level 2 standard focuses specifically on application security and closely aligns with the underlying objectives of ISO27001 and the associated Annex A controls. In concrete terms, this means that we:

Risicogebaseerde aanpak hanteren: wij voeren periodieke interne en externe beveiligingsaudits en risicoanalyses uit een en nemen mitigerende maatregelen in lijn met de risicobeoordeling (vergelijkbaar met ISO27001, hoofdstuk 6) waaronder periodieke PEN-tests door gecertificeerde experts.
Structurally implementing security measures: our development and management processes are strictly organized in accordance withASVS Level 2, which means that topics such as access security, encryption, logging, monitoring, vulnerability management, and patch management are structurally guaranteed (comparable to ISO27001 Annex A measures).
Maintaining policies and procedures: we have internal guidelines and security policies for access management, incident management, and change management, among other things.
Continuous improvement: we periodically review our measures through internal audits, security tests, and external penetration tests. Findings are systematically followed up and incorporated into improvement plans.
Accountability: upon request, we can provide documentation demonstrating how our measures are in line with the relevant sections of ISO27001 and Annex A.

Our cloud infrastructure provider has the relevant certifications and attestations for cloud security, including ISO/IEC 27001(information security),ISO/IEC 27017(cloud-specific security measures), andISO/IEC 27018 (protection of personal data in the cloud). This means that we, through our hosting partner, comply with cloud security requirements. Specifically, this means:

Thecloud infrastructure (IaaS) is provided and secured by the provider.
Within OLLI, we guarantee the application and organizational security measures, including access management, logging, encryption, and vulnerability management.
Together, this forms a comprehensive security model in which responsibility for the cloud layer is covered by the provider'sISO27017 certification, and application security is set up by us in accordance with ASVS Level 2.

We can provide the provider's most recent certification documentation and SOC reports upon request.

Security Measures

Strong Passwords

OLLI forces users to use strong passwords.
Multi-Factor Authentication

Users are strongly advised to enable MFA. This is mandatory for administrator roles.
IP Whitelist

Login attempts from a new IP address are verified with the user.
Web Application Filter

Our platform is equipped with comprehensive firewalls and filters for detecting malicious requests.
CAPTCHA verification

OLLI uses CAPTCHA checks to keep out robots and other automated traffic.
Role-based rights

Users are assigned one or more roles that determine their level of privileges.
Encryption of data and files

Personal data and files are stored at rest using strong encryption.
Rate Limiting

With Rate Limiting, we ensure that the number of requests (e.g., login attempts or API calls) per user or per time unit is limited. This prevents abuse, such as automated attacks or system overload (Denial of Service). In this way, the availability and reliability of OLLI is guaranteed.
Anomaly detection

With anomaly detection, we continuously monitor OLLI usage and identify patterns that deviate from normal behavior. Examples include unusually high numbers of deleted records, exports, or logins from unusual geographic locations. As soon as such an anomaly is detected, the system can automatically take measures or issue a warning so that potential security incidents can be quickly investigated and mitigated.
Built-in virus scanner

All uploaded files are checked by the built-in virus scanner before they are included on the platform.