Security, trust and assurance



Similar documents
Projectplace: A Secure Project Collaboration Solution

FAQ PROJECTPLACE SECURITY

Grow your business - with social collaboration] Minimise TCO - Maximise revenue growth

Security Information & Policies

Securing the Service Desk in the Cloud

ShareFile Security Overview

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview

BMC s Security Strategy for ITSM in the SaaS Environment

RMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles

FileCloud Security FAQ

Security Controls for the Autodesk 360 Managed Services

Enterprise level security, the Huddle way.

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Security Policy JUNE 1, SalesNOW. Security Policy v v

Five keys to a more secure data environment

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Security & Infra-Structure Overview

Paxata Security Overview

Media Shuttle s Defense-in- Depth Security Strategy

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

Keyfort Cloud Services (KCS)

Security Controls What Works. Southside Virginia Community College: Security Awareness

Adopting Cloud Computing with a RISK Mitigation Strategy

University of Pittsburgh Security Assessment Questionnaire (v1.5)

Security and Data Protection for Online Document Management Software

SaaS Security for the Confirmit CustomerSat Software

Service Overview CloudCare Online Backup

Blue Jeans Network Security Features

HIPAA Privacy & Security White Paper

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

CloudDesk - Security in the Cloud INFORMATION

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Security Document. Issued April 2014 Updated October 2014 Updated May 2015

White Paper How Noah Mobile uses Microsoft Azure Core Services

Egnyte Security Architecture

GoodData Corporation Security White Paper

How To Use Egnyte

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM

FormFire Application and IT Security. White Paper

Troux Hosting Options

Supplier Security Assessment Questionnaire

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

GiftWrap 4.0 Security FAQ

SECURITY DOCUMENT. BetterTranslationTechnology

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

Securing Content: The Core Currency of Your Business. Brian Davis President, Net Generation

IBM Connections Cloud Security

HIPAA Security Matrix

Autodesk PLM 360 Security Whitepaper

Security Architecture Whitepaper

Enterprise Architecture Review Checklist

White Paper. Software as a Service by Yardi. Secure, seamless hosting and support

Hosted Exchange. Security Overview. Learn More: Call us at

Information That Should Help You Sleep at Night

UNCLASSIFIED. UK Archiving powered by Mimecast Service Description

Protecting Data and Privacy in the Cloud

IBX Business Network Platform Information Security Controls Document Classification [Public]

Druva Phoenix: Enterprise-Class. Data Security & Privacy in the Cloud

Supplier Information Security Addendum for GE Restricted Data

White Paper: Librestream Security Overview

The Education Fellowship Finance Centralisation IT Security Strategy

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Itron Cloud Services Offering

How To Backup Your Hard Drive With Pros 4 Technology Online Backup

SAS 70 Type II Audits

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

Xerox Litigation Services. In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk

Injazat s Managed Services Portfolio

EmpLive Technical Overview

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

SHARPCLOUD SECURITY STATEMENT

Box: Redefining Security for the Cloud

Last modified: November 22, 2013 This manual was updated for the TeamDrive Android client version

This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.

MIGRATIONWIZ SECURITY OVERVIEW

CyberSource Payment Security. with PCI DSS Tokenization Guidelines

How To Secure Your Data Center From Hackers

Secure and control how your business shares files using Hightail

Security Whitepaper: ivvy Products

Is Your IT Environment Secure? November 18, Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting

Cloud Computing Thunder and Lightning on Your Horizon?

Introduction. Ease-of-Use

CBIO Security White Paper

SVA Backup Plus Features

Security Issues in Cloud Computing

TOP SECRETS OF CLOUD SECURITY

eztechdirect Backup Service Features

Collaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

BKDconnect Security Overview

Transcription:

Data sheet Security, trust and assurance A closer look at Projectplace safeguards Security: Projectplace protects every bit of your data Trust: Privacy is not dead at Projectplace, your data is yours Assurance: Tested and approved

Security, trust and assurance According to a cloud-computing, market-maturity survey, conducted jointly by Cloud Security Alliance (CSA) and ISACA* in 2012, top customer concerns about cloud computing include applicable legislation, data ownership, data retention, privacy and integration, as well as the traditional triad of security: confidentiality, integrity and availability. To address these concerns, Projectplace has established a security, trust and assurance ecosystem and implemented the measures, described in this knowledge document. Security Confidentiality Integrity Availability Trust Applicable legislation Data retention and ownership Integration with single sign-on (SSO) Privacy statement Cookie information Escrow and exit strategies Assurance ISO-27001 certified service Cloud Security Alliance- STAR Independent audits

Security: Projectplace protects every bit of your data Confidentiality Locked-up network perimeter The network containing the Projectplace production servers (the service) is protected by redundant firewalls, intrusion detection systems and load balancers. The Projectplace service is on a physically segregated network that requires two-factor authentication for administrative access from its office network. Projectplace proactively monitors and analyzes firewall and system logs to identify unusual traffic patterns, potential intrusion attempts and other security threats. Projectplace also uses reliable network monitoring services for its co-location facilities. Role-based access control at folder level Access control is native at every level in Projectplace. Project administrators can create user groups and assign access rights at the folder level, lock documents or hide boards to ensure confidentiality. Military-grade encryption Projectplace uses TLS protocol with 256 bit AES encryption to protect data in transit. No user data (including login information) is ever sent through unencrypted public channels. Furthermore, all documents stored in Projectplace are automatically encrypted with a unique key, using the AES-256 encryption algorithm, which is saved anonymously in order to prevent identification. The encryption keys are stored separately and precautions taken to prevent unauthorized access both to the encrypted document and its corresponding encryption key. Security of user data is of utmost importance to Projectplace. This is why some of the biggest businesses in the world and numerous government organizations across Europe entrust Projectplace with their information. Erkan Kahraman, Chief Information Security Officer All user passwords are stored in a one-way encrypted (SHA-1) format which is invisible to Projectplace employees thereby eliminating the ability to retrieve lost or forgotten passwords.

Strong passwords and unique user names Each Projectplace user is identified with a unique user name and authenticated with a personal password in the system. The required minimum length of a password is six characters. Policies with more stringent password requirements can be implemented either at the enterprise level for all projects under that enterprise account or at the project level by the project head administrator. This policy includes external members of enterprise projects. If a user s password does not comply with the policy, access to the project is denied. User-defined password requirements include minimum password length, complexity by means of a combination of upper/lower case characters, numerical digits and maximum password age. Two-step verification With two-step verification users accounts are protected by both their password and their mobile. We encourage all Projectplace users to enable this extra layer of user login security.

Integrity Physical and environmental measures The Projectplace server environment is hosted at two separate co- location facilities. This ISO-certified service organization provides server hall facilities with 24-hour physical security that includes comprehensive identification systems, automatic fire protection, redundant climate control and fail-over power supply. These meet the stringent requirements outlined in the VDMA 24991 international standard. Protection against malware Projectplace provides file-integrity monitoring and anti-virus software for all its critical systems commonly affected by malware. Since its start-up in 1998, Projectplace has been running its service with an average uptime of 99.9 per cent. Audit logging, monitoring and traceability Projectplace has comprehensive traceability through object history, with all changes logged and visible. Projectplace stores all data in a secure manner, with information intact from any changes in any manner.

Availability System status and performance The availability of the service and uptime status is monitored by Pingdom, an independent third-party. This information is published daily on the Projectplace website. Why publish information about system performance and status? Because Projectplace believes in transparency of system usage and system performance. When evaluating Projectplace or using the service, users may want to know how well Projectplace performs over time and how fast the service is. Multi-layer redundancy The Projectplace network infrastructure is designed with complete redundancy and maximum availability. In the event of failure, all operation-critical equipment, including routers, firewalls, web, application and database servers, as well as storage and network arrays, has been deployed and configured for seamless transition. The Projectplace network infrastructure is designed with complete redundancy and maximum availability. Web acceleration and content delivery by Akamai Through collaboration with CD Networks, one of the world s leading, distributed, computing platforms, Projectplace is now even faster and more reliable. This network platform increases both response time and performance. The service is faster, not only in non-european countries, but also in rapidly-growing markets, such as Germany and The Netherlands.

Disaster recovery and business contingency The Projectplace production system is run on a multi-site cluster at two geographically dispersed locations. All critical servers and applications are installed at both locations which, in the event of a major disruption or disaster, ensure business continuity. If one of the locations fails, the second site is configured to take over all production tasks, guaranteeing minimal service disruption or capacity loss. In the event of a major disruption or disaster at one or both production sites, an emergency response team, consisting of selected Projectplace staff, is summoned to activate the disaster recovery plan. Backup and restoration Projectplace has put into effect multi-step mirroring and backup routines for its production databases and document storage systems. In the unlikely event of multiple server failure, the backups serve the sole purpose of restoring the whole production system. Projectplace employees are unable to restore individual projects or documents from backups. All data stored on the primary database servers is mirrored on secondary servers in real time. The secondary servers are located at the second data center provider's co-location facility and are configured to automatically take over production tasks if a primary server fails. Projectplace business continuity plan ensures minimum disruption to our service with data centers in two geographically dispersed locations and real time data mirroring between them.

Trust: At Projectplace, privacy is in force. Your data is yours. Applicable legislation A significant, competitive Projectplace differentiator is its focus on the privacy and integrity of client data, which includes protection from potential access by overseas legislation, such as, for example, the United States Patriot Act. All its systems are hosted in Stockholm, Sweden, with client data never leaving its private cloud. Most competitors have data centers outside the EU and are therefore not immune to such legislation. Data ownership All user files stored in Projectplace are owned solely by the user. Users can download their files at any time during the project s lifecycle. When no longer using the service, archiving can be done offline. The service also features data portability, which provides users with tools to facilitate easy data exports; needless to say, access control rules apply. Data retention Once a user initiates the deletion of project data e.g. emptying a project s wastepaper basket or terminating a project the object referrers and its associated encryption keys are deleted from the Projectplace database. This initiates the garbage collection process: removal of the encrypted file from the data vault and overwriting of the data within 30 days. The process is identical for both primary and secondary data centers. User data is never stored on removable storage systems or backup media. Our service features data portability, we strongly believe in it. Single Sign-On (SSO) integration via SAML Projectplace supports Single Sign-On (SSO), using SAML and an active directory federation service for enterprise users. Single sign-on allows network users to access Projectplace without having to log in separately.

Escrow and exit strategies Projectplace has been a trusted service for cloud-based project management software since 1998. Over one million users in more than 160 countries use Projectplace successfully every day. Testimonials can be read on the Projectplace website. As one of the first SaaS providers, Projectplace is commonly used as an escrow medium for cross-organizational collaboration. For companies who work together but don t want the project documents to be hosted by either side, Projectplace is an ideal solution. While Projectplace does not support escrow agreements by default, it does give its users the technical assurance that all project documents and plans can be downloaded for off-line retention. All data stored on the Projectplace site is solely owned by the client. Upon deletion of a project or account, Projectplace does not retain any data. Documents can be downloaded if the clients wish to retain documents for a longer period. Privacy statement The sole personal information viewable by Projectplace support and sales staff is the user contact information i.e. name, e-mail address, address, phone number(s) and membership in projects. Projectplace employees are not allowed to access any user project data or uploaded documents Projectplace administrators are able to view the names of all projects and its members created within the service. Projectplace does not share this information with anyone, nor does it ever sell or market this information to any third party. Projectplace employees are prohibited access to any user project data or uploaded documentation. In fact, its extensive encryption procedures effectively prevents anyone (including employees) to access this information through normal daily operations or existing tools. Projectplace has formulated a privacy statement which explains how the company gathers and disseminates user-related information. The statement is available on the Projectplace website: projectplace.com/terms/privacystatement/. Cookie information Projectplace.com uses cookies to optimize the user experience. Cookies help make Projectplace work according to user expectations. Projectplace does not collect any personally identifiable or sensitive information without taking permission from the user.

Assurance: Tested and approved ISO-certified service Projectplace has been awarded ISO-27001 certification an international standard for information security. This includes pro-active management of information security risks and controls. ISO-27001, a high-end certificate, guarantees that Projectplace has well-established structures for information security that run throughout the organization from top to bottom. Cloud Security Alliance STAR The Security, Trust & Assurance Registry (STAR) of the Cloud Security Alliance (CSA) is a publicly accessible registry, documenting the security controls provided by various cloud computing offerings, which help users assess the security of cloud providers they currently use or are considering using. It is a simple but powerful idea: cloud providers post self-assessments of their cloud services, which CSA makes publicly available so that cloud consumers can make more informed purchasing decisions. Projectplace is proud to participate in this initiative and openly publishes information about its security controls in place. Independent audits Projectplace commits considerable resources to continually assessing security threats, as well as developing its infrastructure and system s security functions. The Projectplace infrastructure and application is subject to regular vulnerability scans (on a quarterly basis) with annual penetration tests carried out by independent third parties. These tests are repeated after any significant changes take place in its environment. Additionally, Projectplace entrusts external auditors to evaluate its information security practices and general IT controls.

Contact About Projectplace Projectplace, as a part of Planview, is a global leader in portfolio management and project collaboration. From small teams to large enterprises, leaders in every industry rely on the company s cloud solutions to empower organizations to reach their goals and drive results by optimizing the capacity of their people and financial resources. Planview s singular focus fuels a deep commitment to innovation and customer success. For more information, visit www.planview.com and www.projectplace.com. Sweden Projectplace International AB Phone: +46 8 586 302 75 Email: info@projectplace.se www.projectplace.se Denmark Projectplace Denmark APS Phone: +45 7020 8490 Email: info@projectplace.dk www.projectplace.dk Benelux Projectplace Nederland BV Phone: +31-20-889 21 01 Email: info@projectplace.nl www.projectplace.nl Norway Projectplace Norge AS Phone: +47 21 42 41 40 Email: info@projectplace.no www.projectplace.no Germany Projectplace GMBH Phone: +49 (0)69 380 7000 00 Email: info@projectplace.de www.projectplace.de United Kingdom Projectplace LTD Phone: +44 1189 657 736 Email: info@projectplace.com www.projectplace.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information