Difference between revisions of "Startup FAQ"
old>Admin |
old>Admin |
||
| Line 27: | Line 27: | ||
== Security == | == Security == | ||
=== Authentication === | |||
Authentication is based on username/password. | Authentication is based on username/password. | ||
| Line 39: | Line 39: | ||
* Google, Azure, Facebook, LinkedIn | * Google, Azure, Facebook, LinkedIn | ||
=== Authorization === | |||
User permissions are granted via inheritable group membership | User permissions are granted via inheritable group membership | ||
| Line 51: | Line 51: | ||
* Bulk operations | * Bulk operations | ||
=== Encryption === | |||
Transport encryption is based on SSL via HTTPS policies | Transport encryption is based on SSL via HTTPS policies | ||
| Line 60: | Line 60: | ||
Password are hashed using BCrypt algorithm. | Password are hashed using BCrypt algorithm. | ||
=== Protection === | |||
Platform complies with all requirements in OWASP level 2 | Platform complies with all requirements in OWASP level 2 | ||
* Hacking: SQL injection, XSS, CSRF | * Hacking: SQL injection, XSS, CSRF | ||
Revision as of 10:22, 19 February 2020
Data handling
Storage and backup
You can choose between
- On premisis (your location)
- Cloud hosting
Cloud hosting will be handled on AWS datacentres in either Ireland or Sweden.
Backup is done to segregated triple redundant storage
- Daily for at least a month
- Monthly for at least 2 years
Access and ownership
Data in the systems belongs to exclusively to the customer.
TS support will in some cases need to access data under non-disclosure obligations.
GDPR compliance and retention
The platform contains everything needed for GDPR compliance in you systems.
Using workflow automation automatic deletion or annoumization can be set up: This should be configured in accordance with your retention and privacy policy.
A data processing agreement will be issued to your organization automatically,
Security
Authentication
Authentication is based on username/password.
Optionally 2-factor authentication can be set up using af mix of
- SMS sent to phone
- IP address of callers
Single signon integration is included for
- ADFS
- LDAP (and AD)
- Google, Azure, Facebook, LinkedIn
Authorization
User permissions are granted via inheritable group membership
Authorization schemes
- Field level control
- State model
- Data ownership
Additionally special roles can be assigned
- Administrator (backend)
- Bulk operations
Encryption
Transport encryption is based on SSL via HTTPS policies
Storage encryption is best handled via operating system measures
- Linux: LUKS
- Windows: Bitlocker
Password are hashed using BCrypt algorithm.
Protection
Platform complies with all requirements in OWASP level 2
- Hacking: SQL injection, XSS, CSRF
- Password policies
Requirements
Languages
Frontend can run multiple languages simultanously.
- Preconfigured languages
- English
- Danish
- Other languages must be setup in the backend
Backend language is english
Software
User clients
A modern browser is needed
- Chrome
- Mozilla firefox
- Microsoft edge
To use certain features an office suite will be needed (any version later than 2010)
Servers (option)
On premesis installations will need
- Java 7+
- MySQL 5+
- Servlet engine
Skills
Developer (option)
In order to build and maintain applications 1 day of training is needed.
Administrators (option)
Platform maintainence upgrade requires very little skill, as software is self upgrading
- Stop service
- Copy archieve
- Start service
Licenses
Anonoumous users
Anonoumous users are paid for per interface: All users using a specific interface is counted as a single user license (1 SUL).
Light users
Some users will only cost a fraction of a normal user license (SUL)
- Only read access
- Infrequent users
- Simple solutions