
FAQ PROJECTPLACE SECURITY


Academic year: 2021


This FAQ sheet is intended to provide a better understanding of Projectplace and its security services with respect to areas such as backup, safeguards and certifications. For questions unanswered here or elsewhere on the Projectplace website, please contact Projectplace at [email protected]

1. What is the additional privacy benefit of using a service within the EU?

A significant competitive differentiator for Projectplace is its focus on providing user data integrity, which includes safeguarding against potential access from overseas legislation such as, for example, the United States Patriot Act. All Projectplace systems are hosted in Stockholm, Sweden: user data never leaves the private cloud. The majority of competitors have data centres outside the EU and therefore lack immunity to such legislation. This, however, solely covers data stored in the Projectplace systems: data linked to projects in the Projectplace service through the use of integration tools (e.g. Google Drive and Dropbox) is not protected as described above.

2. What third-party audits are performed in the Projectplace environment?

The Projectplace infrastructure and application are subject to vulnerability scans, regularly performed on a quarterly basis. Annual penetration tests are carried out by independent third parties. These tests are repeated whenever any significant changes occur in the Projectplace environment. Projectplace has an established information-security-management system, which was awarded ISO 27001 certification by Intertek, an independent auditor. A copy of this certificate can be viewed on the company web site www.projectplace.com. Furthermore, Projectplace entrusts external auditors (Deloitte) to evaluate its information security practices and general IT controls.

3. What is the approach used when a client requests to have a security audit of Projectplace conducted?

Projectplace has an open policy that allows its clients to perform security audits of its service. The audit may be performed by either the client or a third-party supplier appointed by the client, provided that sufficient non-disclosure agreements have been completed and testing pre-conditions, defined by Projectplace, have been mutually agreed upon. Testing pre-conditions typically include dedicated timeframes, static source IP addresses, defined test types (avoiding destructive tests, such as denial of service and DNS poisoning), etc.

Table of contents

1. Privacy benefit
2. Third-party audits
3. Security audit
4. Physical access to user assets
5. Information protection
6. User data and safeguards
7. Sensitive data and encryption
8. Access to the databases
9. Customer data and Projectplace staff
10. Data-backup and data-retention policies
11. Backups and operating data
12. Projectplace servers
13. RTO, RPO and disaster recovery
14. User data and contract termination
15. Web-application attacks
16. User credentials and secure login
17. Additional password settings
18. Viruses and malware
19. Sensitive user information and SLA
20. Terms and conditions SLA
21. Two-factor authentication
22. Single-Sign-on (SSO)
23. Single-Sign-on (SSO) through SAML
24. Filtering IP addresses
25. PCI DSS-certified service provider
26. In case of bankruptcy or a change in business
27. Information security management system


4. How is physical access to user assets and/or information controlled and restricted solely to authorised staff?

The Projectplace server environment is hosted in two separate co-location facilities and is operated by Qbranch 365/24 AB in Stockholm, Sweden. Qbranch AB (www.qbranch.se) is a profitable, rapidly-growing co-location provider with an AAA rating. The ISO 20000-certified service organisation provides server hall facilities with 24-hour physical security. This includes comprehensive identification, access control and monitoring systems, automatic fire protection, redundant climate control and fail-over power supply. All physical access to Projectplace data centres operated by Qbranch is logged and monitored in real time. CCTV images from inside the data centre are retained for 90 days.

5. How is user information protected from unauthorised network access, such as malicious internal users and external hackers?

The network containing the Projectplace production servers (the service) is protected by redundant firewalls, intrusion detection systems and load balancers. The Projectplace service is located on a physically segregated network that requires two-factor authentication for administrative access from the office network. Projectplace proactively monitors and analyses firewall and systems, using its internal system for security information and event management to identify unusual traffic patterns, potential intrusion attempts and other security threats. Network monitoring services, provided by Qbranch 365/24 AB for the co-location facilities, are used as well.

6. How is data from a particular user segregated from that of other clients? What safeguards are in place to prevent users from accessing one another’s data?

Projectplace achieves logical separation of user data through object level access controls and encryption. In Projectplace, each object links to a file individually encrypted, using an AES-192 algorithm. Access controls are implemented at the object level to prevent unauthorised users from accessing data. Production or user data is not used in the Projectplace testing environment. Production and test environments are physically segregated; only dummy user data is used in testing. Projectplace does not store user data on backup media; instead, it relies on real-time replication of data (through mirroring and snapshots) in redundant systems for availability (hosted at co-location sites as described above). Security controls for the segregation of user data are identical in both environments.

Safeguarding against potential access from overseas legislation

All Projectplace systems are hosted in Stockholm, Sweden and the customer data never leaves our private cloud; therefore it is immune from overseas legislation from outside the EU, such as the United States Patriot Act.


7. How is sensitive data, stored and transmitted by the Projectplace service, protected? Which encryption methods are used?

Data in transit is encrypted with 256 bit SSL (version 3) and TLS (version 1) protocols, using a 2048 bit RSA public key for key exchange. User data (including login information) is not sent through unencrypted channels. Details of the Projectplace encryption certificate can be viewed on the public web site. All documents stored in Projectplace are automatically encrypted with a unique key, using the AES-192 encryption algorithm. Documents are saved anonymously, rendering identification impossible. Encryption keys are stored separately, with precautions taken to prevent unauthorised access both to encrypted documents and their corresponding encryption keys. User data is not stored in the Projectplace database; only the objects which refer to the encrypted files are stored in the data vault.

8. Who at Projectplace has access to the databases?

Only a very limited number of system operation team members (fewer than ten) have access to the production databases through two-factor authentication.

9. What customer data stored in the Projectplace system can be viewed by Projectplace staff?

Only the user’s contact information - i.e. name, e-mail address, address, phone numbers and project membership - can be viewed by Projectplace support and sales staff. Projectplace administrators are able to see all project names and their members that have been created in the system. This information is neither shared with anyone, nor sold or marketed to any third party (see Privacy Statement: www.projectplace.com/terms/privacy-statement/). Projectplace staff is prohibited from accessing user project data or uploaded documentation. In fact, the extensive encryption procedures effectively prevent anyone (including Projectplace staff) from accessing this information, using normal daily operations or existing tools. To obtain access to project data and recover project files, an administrator would need to retrieve the encryption key for each individual object and decrypt each file. To prevent unauthorised retrieval of customer data, mechanisms for access control (through two-factor authentication), logging and monitoring have been implemented.

Continuous security testing

The Projectplace infrastructure and application are subject to vulnerability scans, regularly performed on a quarterly basis. Annual penetration tests are carried out by independent third parties.


10. What data-backup and data-retention policies and procedures are applied to the information stored in the Projectplace service?

Multi-step mirroring and online backup routines for production databases and document storage systems have been put into effect by Projectplace. These mirrored data vaults are subject to security control identical to that of the production system. User data is not stored on removable backup media (i.e. tapes). Online backups (snapshots) of the Projectplace database do not contain user data (only object referrers). The backups serve the sole purpose of restoring the whole production system in the unlikely event of multiple server failure. Projectplace employees are unable to restore individual projects or documents from these backups. Upon client request, Projectplace has procedures in place for the removal and secure disposal of user data. These procedures include deleting encrypted files from the data vault, removing the referrer object and encryption key from Projectplace databases and overwriting the allocated memory space in the data vault so as to prevent restoration. At the end of their life cycle, all data vault disks are physically destroyed by disk shredders. Projectplace retains user data as long as clients remain members of the service. Projectplace can retain user data indefinitely for active project members, downloadable at any point in time by the user for offline retention.

11. How long are backups and operating data retained?

Unless data is explicitly deleted by the project user, all project information is retained for the duration of the project. Once the user initiates project data deletion - e.g. by emptying a project’s waste paper bin or terminating a project - the data disposal process is initiated, with user information no longer retained hereinafter. Object referrers and their associated encryption keys for deleted objects are deleted from the Projectplace database, which then initiates the garbage collection process, removing the encrypted file from the data vault and overwriting the data. Projectplace does not use backup tapes or other removable media to store user data. Once the data is purged from both primary and secondary systems, it is no longer available.

12. What is the backup schedule for Projectplace servers? How much data could a user potentially lose?

Projectplace operates a fully redundant system with real-time database mirroring. All data generated on the Projectplace primary site is continuously backed up to its secondary site, via dual fibre connections. The Projectplace disaster recovery tests demonstrate zero data loss. Projectplace further promises to keep data loss to a minimum (estimated RTO and RPO approximately two minutes) in the event of an actual disaster.

13. What are the RTO and RPO of the disaster recovery solution for the Projectplace service?

The Projectplace production system is run on a multi-site cluster at two geographically dispersed locations. All critical servers and applications are installed at both locations, which, in the case of a major disruption or disaster, ensure business continuity. All data stored in the primary database servers is mirrored to secondary servers in real time. Secondary servers are located at the second Qbranch co-location facility and are configured to automatically take over production tasks. In the event one of the locations fails, the second site is configured to take over all production tasks with minimal service disruption and capacity loss (estimated RTO and RPO approximately two minutes). In the event of a major disruption or disaster at one or both production sites, an emergency response team, consisting of selected Projectplace staff, is summoned to activate the disaster recovery plan.

Secure transmission over the Internet

Data in transit is encrypted with 256 bit SSL (version 3) and TLS (version 1) protocols, using a 2048 bit RSA public key for key exchange.

14. How is user data disposed of at the time of contract termination?

Once a user initiates deletion of project data - for example, by emptying a project’s waste paper bin or terminating a project - object referrers and their associated encryption keys are deleted from the Projectplace database. This initiates the garbage collection process, which removes the encrypted files from the data vault and overwrites the data.

The process is identical for both primary and secondary data centres. User data is not stored on any removable storage systems or backup media.

15. What processes and procedures are in place to ensure that the web application is not vulnerable to known web-application attacks?

Projectplace is constructed on a multi-tier architecture, consisting of web servers, application servers and database data storage. Projectplace has in place established coding standards and a software-development life cycle, with security incorporated from the very outset. Industry guidelines, such as The Open Web Application Security Project (OWASP), Secure Coding Guide, SANS CWE Top 25 and CERT Secure Coding are followed by the development team. Projectplace application security is tested by web application vulnerability scans and annual penetration tests at least once every quarter and whenever any significant change is made in the system. These tests are performed in accordance with OWASP testing guidelines.

16. What controls are implemented and enforced that protect user credentials and ensure a secure login procedure?

All users are required to authenticate on the service with a unique username and password combination. User credentials are encrypted when transmitted over the Internet (HTTPS) and when at rest in the Projectplace database. User-identity verification is done via e-mail, using the self-service, challenge-response mechanism. Users are required to enter the activation code that is sent to their pre-defined e-mail address. By default, users are required to have passwords that consist of at least six characters in order to access the service. However, the client account manager can define the minimum password requirements for project members and enforce higher security standards.

Password properties recommended by Projectplace are as follows:

At least eight characters
Upper and lower case characters
Numeric characters

Safe from prying eyes

Projectplace staff is prohibited from accessing user project data or uploaded documentation. In fact, the extensive encryption procedures effectively prevent anyone (including Projectplace staff) from accessing this information, using normal daily operations or existing tools.


Currently, settings for password history and account lockout are not supported by Projectplace. Users are required to re-authenticate after session expiration (one hour).

17. What additional password settings can be enabled on the service?

Project administrators can set the minimum password requirement of between eight or ten characters. Password complexity requirements can be set to none, one or both of the following:

Both small and capital letters must be included in the password.
Numeric characters must be included in the password.

Password validity duration can be set to the following options:

Never expire
After 1 month
After 3 months
After 6 months
After 12 months

Please note these settings only apply to enterprise accounts.

18. How are client assets and/or information protected against damage potentially caused by viruses and other types of malware?

Projectplace provides file integrity monitoring and anti-virus software for all our critical systems that are commonly affected by malware.

19. How are clients informed about any incident or breach that potentially exposes sensitive user information? Do standard agreements and SLAs include clauses that stipulate terms and conditions for the reporting of these types of incidents?

Projectplace has in place established security incident responses and escalation procedures that ensure timely and effective handling of all situations. All clients are informed in the event of a security incident which may potentially expose their data or cause a major disruption to the service. Projectplace is in close contact with the Swedish CERT, the police and legal authorities to handle such cases.

20. Are custom SLAs supported by Projectplace? What terms and conditions in the standard SLAs are negotiable?

Although Projectplace provides the best service for all its clients, custom SLAs are supported by Projectplace and are preferred by some larger clients. RTO/RPO, retention periods and notification mechanisms are among the negotiable terms of a custom SLA. In the past year, Projectplace maintained an uptime of 99.98%, independently monitored by a third party, Pingdom.

Over 99% uptime since 1998

Projectplace operates a fully redundant system with real-time database mirroring. All data generated on the Projectplace primary site is continuously backed up to its secondary site, via dual fibre connections.


21. Does Projectplace support two-factor (2-factor) authentication for the login procedure?

Currently, the Projectplace service does not support two-factor authentication. However, the infrastructure is constructed in such a way so as to support encrypted authentication mechanisms that utilise strong passwords. All passwords and data in transit are encrypted, using SSL version 3 and TLS version 1 protocols over the Internet (HTTPS). To protect data stored in the Projectplace systems (including user credentials) the Advanced Encryption Standard (AES) protocol, renowned for its security, is used. Furthermore, Projectplace has a mature information security management system in place. Risks are continuously monitored and evaluated. Projectplace does not believe that two-factor authentication adds much value to its service security when taking into account the existing number of mitigating controls. These controls include, but are not limited to, strong passwords, account-lockout mechanisms, audit logging and monitoring.

22. Does Projectplace support Single-Sign-on (SSO) for the login procedure?

Yes, Projectplace supports Single-Sign-on (SSO), using the SAML and Active Directory Federation service for its enterprise clients. The SSO procedure allows network users to access Projectplace without having to log in separately, with authentication federated from the Active Directory. When federated authentication is enabled, Projectplace does not validate a user’s password. Instead, an assertion in the HTTP POST request is verified, allowing for SSO if the assertion proves to be true. This reflects the industry’s standard procedure for SSO that is widely in use.


23. What features are supported by Single-Sign-on (SSO) through SAML?

The implementation of SSO through SAML is mainly for end-user convenience, avoiding the need for users to remember multiple passwords. Currently, Projectplace does not support advanced SAML features which allow for centralised user accounts and access management (such as automatic deletion of users from the Projectplace system after removal from the client domain). This, however, is in the pipeline.

24. Can exposure be limited by limiting access to the system through filtering IP addresses?

Currently Projectplace does not provide source IP-based access restriction as the service is intended for global access. With over 820,000 users, IP-source-address filtering is not a manageable access control for the Projectplace system.

Seamless login process via SSO

Projectplace supports Single-Sign-on (SSO), using the SAML and Active Directory Federation service for its enterprise clients. The SSO procedure allows network users to access Projectplace without having to log in separately.


25. Is Projectplace a PCI DSS-certified merchant/service provider?

PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements and guidelines for merchants who store, process or transmit cardholder data. Projectplace outsources all its payment processing to DIBS. Cardholder data is not stored, transmitted or processed by Projectplace systems. Users are directed to the DIBS secure payment page for online purchasing and returned to Projectplace upon transaction completion. Since its systems never touch payment card data, Projectplace is not subject to PCI DSS. DIBS, however, is a PCI DSS-validated service provider for online payment processing.

26. In the event of Projectplace bankruptcy or a change in its line of business, does Projectplace provide an escrow agreement to safeguard user data and project data?

Projectplace, one of the first SaaS providers and in existence since 1998, is customarily used as an escrow medium for cross-organisational collaboration. For companies that work together but don’t want project documentation to be hosted by either side, Projectplace is an invaluable solution. Whilst Projectplace does not by default support escrow agreements, it can offer its clients the technical assurance that all project documentation and plans are downloadable for off-line retention. All data stored on the Projectplace site is owned solely by the client. Once a project or account is deleted, the corresponding data is no longer retained. Users desiring to retain documents for a longer period of time are able to download project documentation. Users are also able to implement a routine backup procedure that downloads their documents for off-line retention.

27. Does Projectplace have an information security management system in place? Is Projectplace ISO 27001-certified?

Yes, Projectplace has a very mature information security management system in place, whereby risks are continuously monitored and evaluated. Projectplace was awarded ISO 27001 certification in March of 2012, following an audit by Intertek. A copy of the certificate is available for viewing on the company web site.

Certified Security

Projectplace’s mature information security management system is awarded the ISO 27001 certificate.
