Testa

The Conductor Tool redan idag.

Try

The Conductor Tool today.

Security

Security

IS Tools' systems are set up and managed to support mission-critical applications and we are committed to provide a reliable, available and secure enterprise-grade solution for you. At all times, IS Tools prioritizes security, integrity and performance.

Lista med ikoner: 

Location

IS Tools delivers an enterprise-grade service via strategically selected data centers worldwide. The main data center in Sweden is located in an old nuclear bunker from the Cold War. Its entrance is protected by a 40-centimeter thick steel door. The hosting location and the state of the art security systems ensure a high level of security.

Fire detection and suppression

A state-of-the-art smoke and gas detection system is installed. Suppression equipment has been installed to reduce fire hazards. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms.

Power supply

The data centers electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 x 7. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use two redundant diesel generators to provide backup power for the entire facility.

Climate and temperature control

Climate control maintains a constant operating temperature for servers and other hardware to prevent overheating and related service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Monitoring systems and data center personnel ensure the correct temperature and humidity levels.

Firewall

Firewalls are utilized to restrict access to systems from external networks. By default, all access is denied and only explicitly allowed ports and protocols are allowed, based on business needs.

Port scanning

Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked.

Backup

Data is backed up from the primary data center to a different secure location every night. Backups are kept for 30 days. IS Tools maintains a comprehensive backup solution that includes website code, static files, and online backup of the database.

Employee access

IS Tools employees never access data on production servers unless required for support reasons. Support staff may sign into your application to view settings and data related to your support issue. Such access is granted on a temporary basis and support staff will only access data needed to resolve the issue.

Disaster recovery

IS Tools has implemented a comprehensive disaster recovery plan, taking into account a full loss of data center or destruction of IS Tools office. All application functionality and data at the latest backup will be restored at another data center and network traffic will be redirected to this location.
IS Tools' operations team maintains full ability to manage production environments in the event of an outage affecting IS Tools office. All email and telephone support can be remotely accessed.

Vulnerability monitoring

Our vulnerability management process is designed to remediate risks without customer interaction or impact. IS Tools is notified of vulnerabilities through internal and external assessments, system patch monitoring, and third party mailing lists. Major vulnerability is reviewed to determine if it is applicable to our environment, ranked based on risk, and assigned to the appropriate team for resolution.

Monitoring

Several processes for monitoring production servers are in place. Some examples of this are:
- Server monitoring
- Infrastructure monitoring
- Security monitoring

Data ownership

All data in customer applications is fully owned and managed by our customers. IS Tools does not claim ownership of customer data. Customers can export application and meta data (table and field configuration) at their discretion.

System updates

IS Tools utilizes an automated build and test system to ensure consistency, reliability, and to minimize risk of human error in the deployment process.
There is a comprehensive process for testing before performing production releases, including both manual and automated tests. Before a production deployment, the new version has first been released to internal testing and staging environments.
Security alerts and OS patches are monitored and implemented with minimal or no downtime for our end users.
Security

Network security

IS Tools' servers are connected to the Internet and are protected by a firewall that limits incoming connections to only the ports intended for the application or support functions.
IS Tools limits privileged access both to the information on the production servers and to the servers themselves strictly to its full-time operations and support team. Network layer controls ensure that privileged access is always enforced, using an encrypted tunnel.
We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and are one-way encrypted in the database. Login information is always sent over SSL.

Logical security

Logical security is provided at multiple levels: network firewall, encryption, user credentials and fine-grained user permissions. Client access to the hosted server is entirely through IS Tools' application which is accessed over a HTTPS (encrypted HTTP) protocol. By default, all non-critical or unused services are disabled.

Physical security

The data center is based in a nuclear bunker from the Cold War, ensuring extreme entrance security. The exterior physical security is of military grade. All persons entering the data center are authorized and verified. All access is logged. Data center access is limited to data center technicians and approved IS Tools staff.

Authentication

Users are required to use a username/password combination to gain access to any services. Passwords must meet the configurable complexity, re-use and expiry rules. We also allow you to use two-factor authentication, as an additional security measure when accessing your applications. Automatic systems are in use to prevent brute-force attacks on the login functionality.

Roles and permissions

Users accessing the application residing within IS Tools are individually created and managed by you. You have the possibility to view, modify or deactivate these user accounts. IS Tools has a highly advanced data permission setup, enabling you to set permissions on roles or users for administration forms, application configurations, record groups and individual data records.

Change logging

The system allows logging data changes so that you can analyze which users that made changes to the data and when.