About the solution

Security

Security is our highest priority

Security is a top priority at Proceedy and is considered a key part of our company culture. We develop our software based on the well known principles of “Security by design" and “Privacy by design”. We work together with The Alexandra Institute on the Sb3D-project.

Proceedy Timeline løsningen driftes hos Microsoft i deres driftscentre i Nord Europa og der henvises til deres dokumentation omkring sikkerhed og GDPR security website.

See links below for DPA and other terms 

Application Security

Battle Tested Frameworks

Proceedy Timeline uses de-facto web application frameworks to ensure the integrity of communication between the client and the server. These techniques include:

  1. XSS protection
  2. CSRF protection
  3. Oauth 2 security framework (JWT token)
  4. Audit logging

Password Hashing

Passwords are never stored in plain text. They are all hashed before storing in the database and handled by specialized security software.

Virus and Malware Scanning

All files loaded into Proceedy Timeline are automatically scanned for viruses and malwares.

Network & Storage Security

Encryption in Transit

All external and internal communications require encryption via TLS, and all our web servers require an SSL connection from end users to access the application.

Encryption at Rest

All stored data is encrypted when written to disk. In the case of a physical security breach, the attacker would have no way of reading client data.

Operations

Agile Development with Code Review


Proceedy Timeline adheres to an agile methodology of development. The Application code is subject to automated testing for security and integrity. After the automated testing, the code is reviewed by at least two developers and put to test in a seperate test environment. The code is only released once all previous steps are completed. Every change is audited and traceable throughout the process.

Backups & Recovery

Proceedy creates a daily backup of all your Proceedy Timeline data which is kept for an extended period of 7 days should a data recovery be needed.

Employee Equipment

All employees use company-supplied and -administered equipment that complies with the company's applicable IT security policy for encryption, access control and communication, etc., which means that your data is protected in the incidents of theft.

Employee Access

Any access given is done under the Principle of Least Privilege. This means that it is revoked upon e.g., employee termination. Where available, a two-factor authentication is required for all work applications. All access to Proceedy Timeline is being monitored and audited.

Account Security

Two-Factor Authentication

All users log in using a two-factor authentication. Whenever you log in, a one-time password is given which allows you to access to your data.

Access Levels

Every customer has an assigned administrator to help grant other users any required permissions. This ensures full control over the customer's data and who has access to it.

Proceedy employees are granted rights according to the work-related requirements and the Princible of Least Privilege. This ensures that our employees only have the necessary access to fulfill their task within Proceedy Timeline.

Audit Tracking

Every time you log in or change data, it is registered in the Proceedy audit log.

Contact

Shortcuts

Socials

Linkedin

Privacy terms