ProjectManager.com Security White Paper




ProjectManager.com Security White Paper Standards & Practices www.projectmanager.com

Introduction

ProjectManager.com (PM) developed its Security Framework to continue to provide a level of security for its clients commensurate with the times. The PM Security Framework consists of standards and practices that form a multi-tiered approach to safeguarding data integrity and confidentiality, as well as infrastructure and network stability. The Framework also embeds best practices for industry compliance through internal review and audits to maintain the most up-to-date security practices and protocols.

The ProjectManager.com (PM) Security Framework includes:

- Application Security
- Network & Infrastructure Security
- Data Security
- Organizational Security
- Cloud Security
- Industry Compliance

Keeping our customers' data secure is core to our product development and testing processes, our customer service practices and our vetting of technology partners.

About ProjectManager.com

ProjectManager.com is a leading project management and work collaboration software-as-a-service (SaaS) platform. The simple yet powerful online project management tools enable teams throughout the enterprise to plan, track, monitor and report on tasks and projects in real time. Since 2008, thousands of customers, including Fortune 500 companies and government agencies like NASA and the United Nations, have trusted ProjectManager.com to manage their projects in the cloud. Teams of all sizes across a wide range of industries use ProjectManager.com for IT development, manufacturing processes, marketing campaigns, product launches, and civil engineering projects. The platform offers a comprehensive API and is also integrated with Google Apps, Zapier, MSProject and Excel.

Application Security

Cloud Authentication

SINGLE SIGN-ON (SSO)
The ProjectManager.com platform integrates with OneLogin to provide single sign-on solutions for all users. The OneLogin SSO service supports organizations looking to implement two-factor authentication, a more secure process for validating and verifying identity. We also support SSO through Google Apps for Work.

SESSION TIME-OUT
To secure user accounts, ProjectManager.com enables an application sign-out after extended periods of inactivity. If you enable the auto-save data feature on your account, you can customize how often your data is auto-saved and ensure any changes since the last save are recorded in the event of session time-out. Once a session has timed out, users must log in to their account again.

FORMS AUTHENTICATION
All ProjectManager.com users are required to have a unique ID and password. Administrators in ProjectManager.com accounts manage and control individual user security and permissions, including adding or subtracting user licenses. Credentials are submitted through a secured communications port (HTTPS/443) in order to establish a secure connection with the ProjectManager.com cloud. Users are not required to download or install software to access data or projects.

Password Policy

SECURE PASSWORD POLICY
The secure password policy governs the creation and protection of the user's account data. Every ProjectManager.com user must have a unique account ID and password in order to access the service. Passwords are passed through the web server and browser to the account online through a hypertext protocol secured connection (HTTPS), an industry-standard encryption protocol.

ACCOUNT LOCKOUT
As an added measure of protection against brute force attacks, ProjectManager.com initiates an account lockout policy. After numerous unsuccessful login attempts, the account will be locked.

Security & Testing Processes

The ProjectManager.com software development life cycle embeds defined security processes aligned with best practices into every phase.

Defined application security processes are embedded into every phase of ProjectManager.com's software development life cycle (SDLC). Our team:

- Researches and adopts SaaS & Cloud Infrastructure security best practices
- Regularly conducts security reviews of architecture, new features, integrations and cross-platform solutions
- Conducts manual and automated source code reviews for vulnerabilities and code quality
- Performs regular reviews and assessment of pre-production environments

Encryption

ENCRYPTION
ProjectManager.com uses 256-bit SSL encryption to safeguard customer data and our sites are protected by 2048-bit DigiCert certificates. All data between the user's browser and the ProjectManager.com cloud is transmitted over an HTTPS connection. This connection encrypts the communication and secures the web server identity.

PASSWORD STORAGE ENCRYPTION
All passwords stored on the ProjectManager.com cloud servers are encrypted using an industry-standard cryptographic safeguard to deploy additional layers of security.

Network & Infrastructure Security

Data Centers

The ProjectManager.com cloud application is hosted by LiquidWeb in their highly secure Michigan data centers. The ProjectManager.com dedicated servers have a global uptime average of >99.999% with Tier 1 Premium Bandwidth.

DATA CENTER CERTIFICATES
The ProjectManager.com servers meet the following standards for certification and compliance:

- SSAE-16 Audit Compliance
- HIPAA Compliance
- Safe Harbor Certified

PHYSICAL SECURITY
The ProjectManager.com servers are located at Liquid Web's highly secured Michigan Data Centers with the following security protocols in place:

- 24/7/365 Manned Facilities
- CCTV Security Cameras Covering Inside, Outside and All Entrances
- Site Entrances Require Electronic Perimeter Access Card System
- Sites Remotely Monitored By 3rd Party Security Company
- Entrances Secured by Mantraps with Interlocking Doors
- SSAE-16 & HIPAA Compliant, Safe Harbor Certified

COOLING SYSTEMS
- Multiple Liebert 20, 22, 30 and 45 Ton upflow and downflow AC Units
- Stand-alone HVAC systems that don't allow for large-scale failure
- Designed For Addition of Air-Side Economization

NETWORK HARDWARE
- Redundant Fiber Entrance Expandable to 1,840 Gigabits Per Second
- Multiple Redundant Gigabit Ethernet Links to Data Center 1 and Data Center 2
- Fully Redundant Cisco 6509 Sup720 and Nexus 7000 Distribution Switches
- Redundant Gigabit Ethernet Links to Each Rack Switch
- Cisco 4948 48-Port 10/100/1000 Rack Switches

The ProjectManager.com security processes support full redundancy, vulnerability management and business continuity plans.

SERVER POWER & BACKUP
- Expandable 13,500 kVA Utility Power Feeds
- Multiple ASCO Closed Transition Bypass Isolation Transfer Switches
- Multiple N+1 Generac Diesel Generators
- Multiple N+1 Powerware 9395 550 kVA UPS systems
- Liebert & Eaton Power Distribution Units
- Multiple Service Entrance Feeds

Disaster Recovery & Continuity

The ProjectManager.com dedicated servers at LiquidWeb's Michigan Data Center are located in one of three highly secure facilities and offer continuous backup and business continuity. In addition to 24/7/365 onsite security, the servers are monitored 24/7 to assess system health, optimal performance and early detection of problems, and have a dedicated immediate response team.

REDUNDANCY
ProjectManager.com has processes that require full redundancy with our network infrastructure, from Tier 1 Premium Bandwidth, to uninterruptible power supplies with redundant battery cabinets, to state-of-the-art environmental conditions and onsite security. The LiquidWeb Michigan Data Centers support all of those redundancy requirements and feature several zones for added redundancy within the region, as well as geographic redundancy for disaster recovery.

VULNERABILITY MANAGEMENT
Using a combination of manual and automated processes and tools, ProjectManager.com continuously monitors for security threats and has protocols in place to investigate and remediate any vulnerabilities.

BUSINESS CONTINUITY TESTING
In addition to our disaster recovery plan, ProjectManager.com and its data centers operate with a business continuity plan. That plan calls for regular testing to ensure network infrastructure and security processes are working according to plan. Our Business Continuity Plan is a comprehensive approach to restoring all systems as quickly as possible in the event of any service interruption.

Firewalls

ProjectManager.com has secured data in a number of ways, including the implementation and regular management of system firewalls. Engineers regularly apply tests to the firewall to ensure operability and compliance with the latest threats to cyber security. In addition, our servers are built with full redundancy in order to secure data in the event of any impacts.

Organizational Security

Processes

ProjectManager.com has developed internal policies that are best-in-class for managing data and security risks. Our infrastructure and development team defined and implemented strategies for escalation, management, risk assessment, disaster recovery, business continuity and ongoing operational management. We continually strive to improve our processes over time with a continuous assessment and monitoring model and regular assessments of processes and protocols.

NIST CYBER SECURITY FRAMEWORK
ProjectManager.com follows the guidelines set out by the 2014 NIST Cyber Security Framework, a collaboration between the U.S. government and industry in response to Executive Order 13636, Improving Critical Infrastructure Cyber Security, issued in February. The framework is categorized by five key policies (Identify, Protect, Detect, Respond and Recover) in order to follow a comprehensive planning, monitoring and action response plan to bolster cloud security. For more information about how ProjectManager.com aligns to the NIST Cyber Security Framework, refer to the NIST Cloud Security Checklist document located here.

Personnel

ProjectManager.com has strict security policies for employee access to customer data. All data access events are monitored and logged, and we restrict access to customer data to those with appropriate internal clearance. Access to data centers requires authentication along with personal certificates and is tightly restricted. All employees are bound by our confidentiality agreement and our acceptable use agreement, as well.

Privacy

Internal processes are designed to safeguard customer privacy and confidentiality of sensitive information. The ProjectManager.com Privacy Policy discloses the type of information we can collect and how we may use this information. We do not collect personally identifiable information unless voluntarily submitted by a visitor to our sites or service.

Access to customer data is strictly limited to select personnel and only on an as-needed basis.

Contact Us

The ProjectManager.com Support Team is available Monday through Friday, 8 am to 6 pm Central Time.

Office Address
3420 Executive Center Drive
Suite 160
Austin, TX 78731
T: 800-765-2495
support@projectmanager.com