The security of DORA Software is of a very high level. Our customers’ data is of utmost importance and it is safe in our systems.
Below is a small sample of the actions taken to protect our customers’ data.
Hosting
- Hosting is ISO 27001:2013 certified
- European servers for Europe, Africa, Asia and Australia
- American server for North, Central and South America
- System admin access over SSH with public-key authentication on a non-default port
- Automatic system security updates are applied
- System configuration hardened
- Application and system monitoring and alerting in place
- Monitoring and alerting available to admins over VPN
- System battle-tested with periodic penetration tests
- Strong password policy in place for admins and system
- Firewall to allow only specific access
 
Email
- E-mail security enforced with secure SPF, DKIM and DMARC policies
 
DORA
- HTTP security headers are correctly and securely configured
- Use of HTTPS
- Input validation enforced in ORM
- File upload hardened at system level with OWASP best practices implemented
- File downloads for authenticated users only
- Automatic system security updates are applied
- Application and system monitoring and alerting in place
- Encrypted off-site backups periodically created
- Application battle-tested with periodic penetration tests
- Database access only available over local connection
- MFA enforced (two-factor authentication)
- Each customer has its own database and file storage
- Access to the system via a customer-specific URL with optional IP filtering