Security
We firmly believe that your platform security isn't something to be messed with. The platform was built by a team with decades of experience in enterprise software development, with a focus on the necessary processes and requirements.
Application security features
- Invitation only access - Membership is by invitation only and all distributed invitations expire.
- Password policy - Can be defined by the client, including length, expiry and characters.
- Password storage - A one-way encryption algorithm is used and passwords are stored as a salted hash.
- Access control - All access and every action in the system is logged. Brute-force attack prevention is in place.
- User tracking - Any data gathering is under the control of the user and happens with their express consent.
- Session cookies - The system uses secure session domain cookies containing a session ID only; no user-identifiable information is stored in that cookie.
Operational security features
- Client data is hosted in an ISO 27001 certified data centre - currently Centrilogic in Bracknell, UK
- The data centre facilities are protected with a redundant pair of dedicated firewalls, building a DMZ to separate Web-accessible Servers from the Database Servers.
- Access to our SaaS is encrypted and authenticated by a TLS 1.2 256-bit certificate. HTTPS is enforced: any HTTP queries are redirected to HTTPS before processing.
- All passwords are stored encrypted. The entire database can be encrypted on demand using AES 128, 196, 256 or Triple DES encryption.
- Security testing - We have regular penetration tests on our hosted infrastructure
- Restore/Backup Policy - Daily incremental backups are made on-site. A full backup is made weekly. Bi-weekly full backups of client’s data are taken offsite. Backups are encrypted using AES encryption.