About the solution
Security is a top priority at Proceedy and is considered a key part of our company culture. We develop our software based on the well known principles of “Security by design" and “Privacy by design”. We work together with The Alexandra Institute on the Sb3D-project.
Proceedy Timeline løsningen driftes hos Microsoft i deres driftscentre i Nord Europa og der henvises til deres dokumentation omkring sikkerhed og GDPR security website.
See links below for DPA and other terms
Proceedy Timeline uses de-facto web application frameworks to ensure the integrity of communication between the client and the server. These techniques include:
Passwords are never stored in plain text. They are all hashed before storing in the database and handled by specialized security software.
All files loaded into Proceedy Timeline are automatically scanned for viruses and malwares.
All external and internal communications require encryption via TLS, and all our web servers require an SSL connection from end users to access the application.
All stored data is encrypted when written to disk. In the case of a physical security breach, the attacker would have no way of reading client data.
Proceedy Timeline adheres to an agile methodology of development. The Application code is subject to automated testing for security and integrity. After the automated testing, the code is reviewed by at least two developers and put to test in a seperate test environment. The code is only released once all previous steps are completed. Every change is audited and traceable throughout the process.
Proceedy creates a daily backup of all your Proceedy Timeline data which is kept for an extended period of 7 days should a data recovery be needed.
All employees use company-supplied and -administered equipment that complies with the company's applicable IT security policy for encryption, access control and communication, etc., which means that your data is protected in the incidents of theft.
Any access given is done under the Principle of Least Privilege. This means that it is revoked upon e.g., employee termination. Where available, a two-factor authentication is required for all work applications. All access to Proceedy Timeline is being monitored and audited.
All users log in using a two-factor authentication. Whenever you log in, a one-time password is given which allows you to access to your data.
Every customer has an assigned administrator to help grant other users any required permissions. This ensures full control over the customer's data and who has access to it.
Proceedy employees are granted rights according to the work-related requirements and the Princible of Least Privilege. This ensures that our employees only have the necessary access to fulfill their task within Proceedy Timeline.
Every time you log in or change data, it is registered in the Proceedy audit log.