INTRODUCTION

We value security as a priority and are committed to making sure that any data you choose to store in your instance of Solverboard is safe and secure.

We always:

  • Use top tier infrastructure from leading providers (currently Amazon and Digital Ocean)
  • Store your data securely and reliably
  • Actively monitor threats and review our protection
  • Follow information security procedures for both physical and technical processes

PRINCIPLES OF SECURITY

Solverboard is developed as a multi-tier application following secure software development principles. It consists of a Front-End application, written using the Angular JS framework (which has a proven track record for security).

The Front-End application communicates with a custom middleware application, written using the Laravel framework.

The Solverboard development team track the security alerts from both these projects, applying security patches as required.

Our technology is hosted in top facilities which offer the highest level of security standards and are ISO 27001:2005 and PCI DSS compliant.

Solverboard is always served over HTTPS, which ensures that any communication from you to your Solverboard instance is always encrypted.

Each customer’s data is isolated in a multi-tenant database server, with each Solverboard only connecting to its own database instance. This ensures that there’s no possibility of other Solverboard customers accidentally accessing your data.

All servers include logging and log management for ongoing monitoring of the servers. These log access to the servers and flag exceptions and errors, and are reviewed regularly to ensure no breaches have occurred.

All servers are protected by multiple levels of protection and each server (database or web) is protected by a firewall. This firewall only allows HTTP and HTTPS traffic, and SSH traffic for management. SSH access is only allowed via key pairs managed by the internal security officer.

Every release of new features in Solverboard is tested for security before it is implemented on customer data, and data only moves from the staging (development) server to the live production server. It is impossible to move data from the live production server to the development server, which adds an additional layer of security.

Backups are encrypted and stored in a separate data center from the application.


ACCESS CONTROL

We run a role-based access control policy, storing all permissions and access within your instance of Solverboard.

Members of the Solverboard technical team do not require, or have, access to your instance of Solverboard. Should technical issues occur, the Information Security Officer determines whether access is required and issues temporary access to the server.

If we need to access your Solverboard as a user, we will always ask you for temporary access before doing any diagnostics, and where possible we will strive to replicate the problems in our test environments without requiring access to your data.

Access to production servers is on a need-to-know basis, with responsibility lying with the Information Security Office.

As all deployments are automated, there is no need for anyone to access the servers.


COMPLIANCE ACCREDITATION

All of our staff are highly aware of security issues and senior members of the Solverboard technical team are qualified in Information Security Management Principles.

We are registered with the ICO as a data controller and are currently finalising our compliance with GDPR.

We are currently undertaking the process to achieve ISO 27001 certification.


ON-PREMISE HOSTING

For customers who are looking for the highest level of data protection, we can offer an on-premise solution. Ask your account manager for more details if this is of interest.