Platform security: Difference between revisions

From Tygron Preview Support Wiki
No edit summary
 
(64 intermediate revisions by 3 users not shown)
Line 1: Line 1:
'''(Update)''' In december 2021, a major security vulnerability was detected in Log4J that is used by many Java applications. Tygron uses Java but has always preferred to use its own logging system and is therefore NOT affected. We have also verified that none of the underlying libraries are using Log4J. We will continue to actively monitor this and other vulnerabilities.
__TOC__


Tygron observes due care with regard to your privacy and the security of your data. Our policy is based on the General Data Protection Regulation (GDPR) and we have taken any possible technical and organisational measures to protect (personal) data. Please click here to find out how Tygron applies safety and data protection.
Tygron observes due care with regard to your privacy and the security of your data. Our policy is based on the General Data Protection Regulation (GDPR) and we have taken all relevant technical and organizational measures to protect (personal) data. Our starting points are:
Our starting points are:


* The licence is applied by the user to work in a private domain protected by a password. This domain is managed by the user who determines who has access and to which project.
* The license is applied by the [[user]] to work in a private [[domain]] protected by a password. This domain is managed by [[Domain Admin (User Account Type)|the domain manager]], who is a user who determines who has access with which rights and to which [[project]].  
* The personal data entered by a user under domain management are limited to the data required to execute the license agreement: the ability to provide support and the ability to inform about the maintenance and upgrades to the Platform. This includes the name and email address (needed to be able to obtain a password).  
** It is possible to implement [[Account Management#Two-Factor Verification|two-factor authentication]] for your domain.  
* The telephone number is optional.  
** Domain managers can force a minimum number of characters in new passwords.
* Users can indicate whether they do not want to receive emails about maintenance and upgrades.
** User passwords are stored via hashes and salting. This prevents the original passwords from being retrieved if they end up with persons that should not have access to them.
* These data are visible to the user under ‘my account’ in the Platform.
** A username can be deleted by the domain manager and by Tygron (at request).
* A username can be deleted by the domain manager and by Tygron (at request).
** Tygron observes strict confidentially with regard to handling data. If a user wants Tygron to look into projects, for example to provide support, then Tygron’s support department cannot gain access to the project until the user has requested Tygron’s assistance.
* Within the project, it will be visible when a user and which user has worked on what version. Projects can be removed by the user or (at request) by Tygron.
** Tygron employees who have access to the source code in view of their position and/or to project data, have entered into an additional confidentiality contract which is also valid after termination of employment.
* Upon termination of the license agreement, the associated personal details and projects will be deleted; backups will be deleted after two years.
** Within the project, it will be visible when a user, and which user, has worked on what [[Version Control|version]]. Projects can be removed by the user or (at request) by Tygron.
* Personal data are not shared with other processors without permission.
** The data (projects) are saved and edited in the {{software|server}}. The customer retains the title to such data at all times. The customer can retrieve/delete the data and assign rights via the {{software|client}}.
* The Tygron Platform only loads open data for projects by default. Although possible, it is not necessary for the user to add data to projects in advance. Data added by a user to projects and the domain are sent encrypted and stored securely (see ‘technical measures’).
** Upon termination of the license agreement, the associated personal details and projects will be deleted; backups will be deleted after maximally two years.
* Back-ups of projects are retained for 2 years and can be removed by Tygron at request. Data in the backups can also be given access to at request. Early removal of projects and access to data involve costs that are proportional to the hours to be spent for this purpose.
 
* The personal data entered by a user under domain management are limited to the data required to execute the license agreement: the ability to provide support and the ability to inform about the maintenance and upgrades to the {{software}}. This includes the name and email address (needed to be able to obtain a password).
** The telephone number is optional.
** These data are visible to the user under 'My Account’ in the {{software|client}}.
** Users can indicate whether they do not want to receive emails about maintenance and upgrades.
 
* By default, the {{software}} loads only open data for projects. Although possible, it is not necessary for the user to add data to projects in advance. Data added by a user to projects and the domain are sent encrypted and stored securely.
** The owner of the data (i.e. not Tygron) is responsible for ensuring that the use of such data is lawful.


* Tygron is only a data processor with regard to data in projects and cannot and will not use them for its own purposes. Consequently, processing only takes place on the basis of the license agreement.
* Tygron is only a data processor with regard to data in projects and cannot and will not use them for its own purposes. Consequently, processing only takes place on the basis of the license agreement.
* The owner of the data (i.e. not Tygron) is responsible for ensuring that the use of such data is lawful.
** We do not engage subprocessors with project data by default. Should this ever be an item, then this will only take place with written permission.
* We do not engage subprocessors by default. Should this ever be an item, then this will only take place with written permission.
** Personal data are not shared with other processors without permission.
* Tygron observes strict confidentially with regard to handling data. If a user wants Tygron to look into projects, for example to provide support, then Tygron’s support department cannot gain access to the project until the user has requested Tygron’s assistance.
 
* Tygron employees who have access to the source code in view of their position and consequently also to project data, have entered into an additional confidentiality contract.
* The Tygron Platform runs in the data center of Dataplace. This ultramodern Tier III data center, located well above sea level, is in line with the further professionalization of the Tygron Platform in terms of security of supply, stability, safety and sustainability. We use an encrypted SSL connection (see below for details).
* The software is offered as SaaS. This means that the software is and continues to be Tygron’s property and that access as well as support and maintenance can be obtained through a license. The Tygron Platform consists of a Client and Server Application.  
* The data (projects) are saved and edited in the server application. The customer retains the title to such data at all times. The customer can retrieve/delete the data and assign rights via the Client Application.
* A log is kept in which is visible when projects are active. This is necessary to see if a user stays within the agreed license limits.
* A log is kept in which is visible when projects are active. This is necessary to see if a user stays within the agreed license limits.
* Statistics are kept on how users use the application. These logs are immediately anonymous and are only for improving the software and support purposes.
** Statistics are kept on how users use the application. These logs are immediately anonymous and are only for improving the software and support purposes.
* Automatic crash logs can sometimes also contain personal data, these are only used to improve the software and then deleted.
** Automatic crash logs can sometimes also contain personal data, these are only used to improve the software and then deleted.
 


==Tygron Platforms security is organised as follows:==
* The {{software}} runs on our own hardware, which is located in the data center of Dataplace in Utrecht, the Netherlands. This ultramodern Tier III data center, located well above sea level, is in line with the further professionalization of the {{software}} in terms of security of supply, stability, safety and sustainability. We use an encrypted SSL connection.


* Industry standard SSL encryption for sensitive data in connections.  
* The software is offered as SaaS. This means that the software is and continues to be Tygron’s property and that access as well as support and maintenance can be obtained through a license. The {{software}} consists of a Client ({{software|client}}) and Server Application ({{software|server}}).  
* Tygron uses the latest and most secure TLS version 1.2. All communication is encrypted via the latest SSL versions (including internal backups and maintenance access to the machines themselves).
* Implementing two-factor authentication is in a advanced state of preparation. We would love to hear if you are interested in this.
* Brute-force intrusions are automatically recognized and there is the option to immediately disable logins.
* The server’s authenticity is verified via an industry-standard certificate protected with SHA-256 hashes.
* The application is largely built in Java, fully owned by Tygron and uses a number of widely used industry standard open-source components.
* Both client and server contain various security mechanisms to prevent reverse engineering, manipulation or hacking.


* Access to the server (and stored data) is only possible via encrypted protocols such as SSH and SFTP. The same applies to automatic backups via SFTP.  
== Technical measures ==
* We have a firewall that blocks everything except specific IP addresses.
For technical details on how the {{software}}'s security is organized, please contact {{email}}. Some of our starting points are:
* Our server is built with our own hardware and runs entirely under our own management at the Hague (NL). The machines are locked in a datacenter where only Tygron staff have physical access.  
* Tygron always uses the latest and most secure industry standards (for SLL encryption, the latest TLS versions, hashes, salting, patches etc).
* The servers run Ubuntu Linux, one of the most secure operating systems and standard for many web servers.  
* Brute-force intrusions are automatically recognized and blocked.
* The datacenter also has firewalls that can repel any attacks.
* Daily, we run thousands of tests that do not only check our software but often also the connections to external systems.
* User passwords are stored via hashes, this is the legal standard (GDPR) and prevents the original passwords from being retrieved if they end up with persons that should not have access to them.
* We regularly run penetration and vulnerability tests.  
* The customer has his own domain in which users have different rights to be able to adjust, start up, view, etc. projects.
* We hire independent security specialists to perform pen tests on an regular basis. 
* Every action performed by a user is verified for rights.
* Both client and server contain various security mechanisms to prevent reverse engineering, manipulation or hacking.  
* Each domain has an admin account where these rights can be set. By default, Tygron support has no access either; all we can do is view the domain with the project owner’s permission.
* We have a firewall that blocks everything except specific IP addresses. The firewall also (temporarily) blocks suspicious behavior.
* Errors as well as illegal login attempts are reported to Tygron directly via the server through an encrypted connection. Should a data breach nevertheless occur, the customer will be promptly notified and action is taken in accordance with legislation.
* Our server is built with our own hardware and runs in the Netherlands. The machines are locked in a datacenter where only authorized staff have physical access.  
** The servers run Ubuntu Linux, one of the most secure operating systems and standard for many web servers.  
** The datacenter has firewalls that can repel any attacks.
** Servers are only accessible for qualified employees and only validated software is installed.  
* We work by a secure coding policy.


'''Back up and restore strategy'''
== Back up and restore strategy ==


* Every week a backup of the customer data is made on the production server of Tygron. This backup is made to an external server at another location in the Netherlands. Project backups are kept for a maximum of two years but can be deleted earlier on request.
* Every week a backup of the customer data is made on the production server of Tygron. This backup is made to an external server at another location in the Netherlands.  
* Version management is made possible in our software to enable the recovery of a project in case of customer-specific problems.  
* Version management is made possible in our software to enable the recovery of a project in case of customer-specific problems.  
* The user can save multiple versions of the same project to easily revert to a previous version in case of problems.
* The user can save multiple versions of the same project to easily revert to a previous version in case of problems.
* In the event of calamities such as a disc crash, the customer data will be restored using the external backup, whereby data is only lost up to a maximum of a week.
* In the event of calamities such as a disc crash, the customer data will be restored using the external backup, whereby data is only lost up to a maximum of a week.
* Back-ups of projects are retained for a maximum of 2 years and can be removed by Tygron at request. Data in the backups can also be given access to at request. Early removal of projects and access to data involve costs that are proportional to the hours to be spent for this purpose.
== Organisational measures ==
* Data leaks are reported to Tygron’s management and documented by the COO. Data leaks are reported to the parties concerned in accordance with legislation. The COO is responsible within Tygron for taking actions in accordance with the GDPR.
* Before the date when the GDPR became into force, the preparatory steps as published on the website of the Dutch Data Protection Authority were examined. The privacy policy is discussed regularly within Tygron’s management and the team.
== Data processing agreements ==
The {{software}} itself does not rely on sub-processors. This means no Client Data is processed by sub-processors. Client data is the input of data by the Licensee and/or End Users in the Domain under the Editor Session and/or using the interface. Client Data is always stored  only at our ownn servers in the Netherlands.
Only for helpdesk and communication purposes, we work with supporting applications. Tygron’s existing processing agreements do not concern Client Data and have been verified and comply with the GDPR:
* The Freshdesk application is used for our support helpdesk. Freshdesk has its own privacy notice in accordance with the GDPR:


'''Organisational measures'''
'''[https://www.freshworks.com/privacy/ Freshworks Privacy Policy]''' . Tygron does not store the data entered in Freshdesk elsewhere and does not use it outside the application either.


* Data leaks are reported to Tygron’s management and documented by COO. Data leaks are reported to the parties concerned in accordance with legislation. The COO is responsible within Tygron for taking actions in accordance with the GDPR.
* For client communication, for instance on planned maintenance, updates and/or events, we use Pipedrive. Pipedrive has its own privacy notice in accordance with the GDPR:
* Before the date when the GDPR became into force, the preparatory steps as published on the website of the Dutch Data Protection Authority were examined. These steps were discussed with Tygron’s management and the team in May/June 2018.
'''[https://www.pipedrive.com/en/privacy Pipedrive Privacy Policy]'''


Tygron’s existing processing agreements have been verified and comply with the GDPR:
We use Microsoft Outlook for regular email contact.  
* The Freshdesk application is used for our support helpdesk.  
* Freshdesk has its own privacy notice in accordance with the GDPR:


'''[https://www.freshworks.com/privacy/?utm_source=email&utm_medium=email&utm_campaign=fdgdpr10may. Freshworks]''' 
{{article end


Tygron does not store the data entered in Freshdesk elsewhere and does not use it outside the application either.
|seealso=
*[https://www.tygron.com/en/blog/2023/03/01/city-of-amsterdam-subjects-tygron-platform-to-rigorous-security-demands/  City of Amsterdam subjects Tygron Platform to rigorous security demands] For more information about our cooperation with municipality Amsterdam and the external pen&hack test.
}}
{{User rights nav}}
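Review bot: The new "Technical measures" bullet "Tygron always uses the latest and most secure industry standards (for SLL encryption, the latest TLS versions, ...)" drops the only concrete protocol statement the earlier text had (TLS version 1.2) and still mixes "SSL" and "TLS", so a reader can no longer tell which protocol versions the servers accept; consider stating the minimum TLS version and using "TLS" consistently. The same revision also introduces typos that should be fixed before publishing: "SLL" for "SSL" in that bullet, "on an regular basis" in the pen test bullet, and "ownn servers" under "Data processing agreements".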

Latest revision as of 12:01, 19 August 2024

Tygron observes due care with regard to your privacy and the security of your data. Our policy is based on the General Data Protection Regulation (GDPR) and we have taken all relevant technical and organizational measures to protect (personal) data. Our starting points are:

  • The license is applied by the user to work in a private domain protected by a password. This domain is managed by the domain manager, who is a user who determines who has access with which rights and to which project.
    • It is possible to implement two-factor authentication for your domain.
    • Domain managers can force a minimum number of characters in new passwords.
    • User passwords are stored via hashes and salting. This prevents the original passwords from being retrieved if they end up with persons that should not have access to them.
    • A username can be deleted by the domain manager and by Tygron (on request).
    • Tygron observes strict confidentiality with regard to handling data. If a user wants Tygron to look into projects, for example to provide support, then Tygron’s support department cannot gain access to the project until the user has requested Tygron’s assistance.
    • Tygron employees who, in view of their position, have access to the source code and/or to project data have entered into an additional confidentiality contract, which remains valid after termination of employment.
    • Within the project, it will be visible when a user, and which user, has worked on what version. Projects can be removed by the user or (on request) by Tygron.
    • The data (projects) are saved and edited in the Tygron Engine. The customer retains the title to such data at all times. The customer can retrieve/delete the data and assign rights via the Tygron Client.
    • Upon termination of the license agreement, the associated personal details and projects will be deleted; backups will be deleted after at most two years.
  • The personal data entered by a user under domain management are limited to the data required to execute the license agreement: the ability to provide support and the ability to inform about the maintenance and upgrades to the Tygron Platform. This includes the name and email address (needed to be able to obtain a password).
    • The telephone number is optional.
    • These data are visible to the user under 'My Account' in the Tygron Client.
    • Users can indicate whether they do not want to receive emails about maintenance and upgrades.
  • By default, the Tygron Platform loads only open data for projects. Although possible, it is not necessary for the user to add data to projects in advance. Data added by a user to projects and the domain are sent encrypted and stored securely.
    • The owner of the data (i.e. not Tygron) is responsible for ensuring that the use of such data is lawful.
  • Tygron is only a data processor with regard to data in projects and cannot and will not use them for its own purposes. Consequently, processing only takes place on the basis of the license agreement.
    • We do not engage subprocessors with project data by default. Should this ever come up, it will only take place with written permission.
    • Personal data are not shared with other processors without permission.
  • A log is kept that shows when projects are active. This is necessary to see if a user stays within the agreed license limits.
    • Statistics are kept on how users use the application. These logs are anonymized immediately and are used only to improve the software and for support purposes.
    • Automatic crash logs can sometimes also contain personal data; these are only used to improve the software and are then deleted.
  • The Tygron Platform runs on our own hardware, which is located in the data center of Dataplace in Utrecht, the Netherlands. This ultramodern Tier III data center, located well above sea level, is in line with the further professionalization of the Tygron Platform in terms of security of supply, stability, safety and sustainability. We use an encrypted SSL connection.
  • The software is offered as SaaS. This means that the software is and continues to be Tygron’s property and that access as well as support and maintenance can be obtained through a license. The Tygron Platform consists of a Client (Tygron Client) and Server Application (Tygron Engine).

Technical measures

For technical details on how the Tygron Platform's security is organized, please contact . Some of our starting points are:

  • Tygron always uses the latest and most secure industry standards (for SSL encryption, the latest TLS versions, hashes, salting, patches, etc.).
  • Brute-force intrusions are automatically recognized and blocked.
  • Daily, we run thousands of tests that do not only check our software but often also the connections to external systems.
  • We regularly run penetration and vulnerability tests.
  • We hire independent security specialists to perform pen tests on a regular basis.
  • Both client and server contain various security mechanisms to prevent reverse engineering, manipulation or hacking.
  • We have a firewall that blocks everything except specific IP addresses. The firewall also (temporarily) blocks suspicious behavior.
  • Our server is built with our own hardware and runs in the Netherlands. The machines are locked in a datacenter where only authorized staff have physical access.
    • The servers run Ubuntu Linux, one of the most secure operating systems and standard for many web servers.
    • The datacenter has firewalls that can repel any attacks.
    • Servers are only accessible to qualified employees and only validated software is installed.
  • We follow a secure coding policy.

Back up and restore strategy

  • Every week a backup of the customer data is made on the production server of Tygron. This backup is made to an external server at another location in the Netherlands.
  • Version management is made possible in our software to enable the recovery of a project in case of customer-specific problems.
  • The user can save multiple versions of the same project to easily revert to a previous version in case of problems.
  • In the event of calamities such as a disc crash, the customer data will be restored using the external backup, whereby data is only lost up to a maximum of a week.
  • Back-ups of projects are retained for a maximum of 2 years and can be removed by Tygron on request. Access to data in the backups can also be given on request. Early removal of projects and access to data involve costs that are proportional to the hours to be spent for this purpose.

Organisational measures

  • Data leaks are reported to Tygron’s management and documented by the COO. Data leaks are reported to the parties concerned in accordance with legislation. The COO is responsible within Tygron for taking actions in accordance with the GDPR.
  • Before the date when the GDPR came into force, the preparatory steps as published on the website of the Dutch Data Protection Authority were examined. The privacy policy is discussed regularly within Tygron’s management and the team.

Data processing agreements

The Tygron Platform itself does not rely on sub-processors. This means no Client Data is processed by sub-processors. Client Data is the input of data by the Licensee and/or End Users in the Domain under the Editor Session and/or using the interface. Client Data is always stored only on our own servers in the Netherlands.

Only for helpdesk and communication purposes, we work with supporting applications. Tygron’s existing processing agreements do not concern Client Data and have been verified and comply with the GDPR:

  • The Freshdesk application is used for our support helpdesk. Freshdesk has its own privacy notice in accordance with the GDPR:

Freshworks Privacy Policy. Tygron does not store the data entered in Freshdesk elsewhere and does not use it outside the application either.

  • For client communication, for instance on planned maintenance, updates and/or events, we use Pipedrive. Pipedrive has its own privacy notice in accordance with the GDPR:

Pipedrive Privacy Policy

We use Microsoft Outlook for regular email contact.

See also