Working Sets: Working with existing Working Sets
Our team here at Intland Software takes great care to ensure security throughout our processes, products, and the public environment we use to host our SaaS products. Choose a topic below to learn more about our approach to various aspects of security:
Processes & Measures
Product Security
Security of Hosted (SaaS) Solutions
Processes and Measures
Intland Software has a robust Quality Management System in place that regulates our internal processes and defines the way we respond to certain security events.
These processes and measures were designed to efficiently implement and demonstrate Intland’s commitment to the quality, safety, and reliability of our products and services.
Security Incident Management
Security incidents are a fact of life. While we can’t avoid them, we have defined effective processes around the management of these incidents to make sure that their impact is kept to a minimum.
Intland’s support team strives to provide an effective response to all incidents. As per our SLA, security-related issues are always assigned a high priority.
We encourage our customers and other parties to report all suspected security incidents using Intland Software’s Service Desk. We’ll investigate and handle the issues you submit here according to the severity level you define, giving you confidence in the appropriate management of the issue.
Regular Risk Assessment
We believe that risk-based thinking and the implementation of a systematic risk evaluation system is necessary to avoid failures and defects. It is helps us discover opportunities for further improvement.
Therefore, Intland takes a disciplined approach through established processes to define, manage, analyze, and systematically reduce risks across our activities. These processes, laid out in our Standard Operating Procedures (part of the QMS), help us avoid any harm resulting from critical situations caused by detected risks. Intland implements Preventive Actions to mitigate any and all risks with possible negative effects, and we handle non-conformities via Corrective Actions. Our Management is committed to implementing measures to constantly improve the security and quality standards of our products and services.
Penetration Tests Report Handling
We’re confident about our approach to security. But we don’t want you to just take our word for it: our customers are welcome to contract 3rd party organizations to conduct penetration testing on Intland’s software products. We’re happy to prove our security features, and the results of all penetration tests help us further improve our security measures.
Privacy Policy and Privacy Notice
We aim for full transparency and compliance with regulations (such as GDPR) in how we manage user data. We stick to the principles laid out in our Privacy Policy that is published and kept up to date on the Intland website: https://intland.com/privacy-policy/.
This policy covers the tools and activities we employ to manage the personal information you trust us with. Also, we placed privacy notices at all relevant touch points (such as forms to be submitted on our website) that clarify our approach to compliance and the handling of your personal data, with a link to our Privacy Policy for more clarification.
Business Continuity and Recovery Plan
As a part of the improvement our security measurements Intland will soon publish a Business Continuity and Disaster Recovery Plan with Reports of periodic “Crash Test”. It is expected Q3 2019.
Product Security
At Intland Software, we use mature processes to ensure and to periodically assess the security of our products.
In May 2019, we carried out a self-assessment using Google’s Security Assessment Questionnaire (VSAQ) to analyze and demonstrate the robustness of our security program. We passed the check with flying colours. Below, we’re listing the most important aspects of our security program:
- Web security & vulnerabilities: Our products are only available over HTTPS, and we’re protected against common web vulnerabilities. We also have HTTP Strict Transport Security (HSTS) deployed on our servers.
- SSL/TSL: We have taken all necessary steps to protect our SSL/TSL private keys, and we also have specific controls in place to prevent mixed-content (non-SSL content) issues. The SSL cipher suite is regularly reviewed, and our server supports ECDHE and DHE ciphers that offer forward secrecy.
- Authentication and Authorization: Users self-register and set their passwords online directly within the application. There’s a safe method for password recovery, and inactive sessions automatically time out. User passwords are encrypted. We support the following SSO mechanisms: SAML 2.0, OpenID Connect / OAuth2 Login, OpenID 2.0, LDAP / Active Directory. Our OAuth2 library is always updated with the latest security fixes.
- Access control: We have both horizontal and vertical access control on the server side.
- QA, testing, post-launch monitoring: We have robust testing practices in place, and our QA process explicitly includes testing for security issues. We have procedures in place to log and monitor for unexpected issues, and investigate these in a timely manner.
Security of Hosted (SaaS) Solutions
Intland Software’s SaaS (web hosted) solutions are provided via Amazon Web Services (AWS), where cloud security is the highest priority. You’ll find more information about the security measures at the links below.
AWS’s set up, backup, and recovery guide here:
https://aws.amazon.com/getting-started/use-cases/backup-and-recovery/
AWS’s Security and Compliance policy:
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html
