About the solution
Security is a top priority at Proceedy and is considered a key part of company culture. We develop our software after the well known principles of “Privacy by design”.
All of the Proceedy Timeline infrastructure is hosted at Azure cloud in the EU. For more information regarding their security practices, please visit their security website.
Below are links for DPA and other terms
Proceedy Timeline uses de-facto web application frameworks to ensure the integrity of communication between the client and the server. Techniques include:
Passwords are never stored in plain text. They are all hashed before storing in the database and handled by specialized security software.
All files loaded into Proceedy Timeline are automatically scanned for viruses and malware.
All external and internal communication requires encryption via TLS. All of our web servers require an SSL connection from end users in order to access the application.
All stored data is encrypted when written to disk. In the case of a physical security breach, the attacker would have no way of reading client data.
Proceedy Timeline adheres to an agile methodology of development. Code is subject to automated testing for security and integrity. After automated testing, code is reviewed and signed off on by another engineer for security and integrity. Then the code is tested for quality in a test environment. The code is allowed to be released only when all previous steps are completed. Every change is audited and traceable at all times.
All data stored within Proceedy Timeline is automatically backed up on a daily basis and retained for an extended period of 7 days. In the case of a disaster recovery scenario, this data can be used to restore the application back to the last known operational state.
All employees use company-supplied and -administered equipment that complies with the company's applicable IT security policy for encryption, access control and communication, etc. This ensure that data is protected in the event of for example, theft.
All access is given under the principle of least privilege. This access is revoked upon employee termination. Where available, two factor authentication is required for all work applications. Access is monitored and audited.
Every user account has two factor authentication enabled to add an additional security layer to your account. Every time the user logs in with username, password and a one-time login code to access your data.
Every customer administrator within Proceedy Timeline can control who has access to data. This ensures privileged and confidential information stays that way, while allowing the user to invite collaborators.Proceedy employees are granted rights according to work-related needs and 'least privilege'. This ensures that employees only have the necessary access in relation to the work the employee handles in proceedy.
Every time you log into Proceedy Timeline, a unique "session" tied to your web browser and changes to data is logged for audit purposes.