Introduction
This document outlines PlanRadar's measures and efforts to provide modern, high standards of data security, privacy and service availability for our software.
Infrastructure / Hosting
AWS Whitepapers & Information
Configuration management
We follow the principles of immutable infrastructure and infrastructure as code. In case of an error or failure, the system can be regenerated from its templates and source code. We use Kubernetes and Argo CD to manage our infrastructure.
High availability / Scalability
AWS makes our system responsive to high load spikes and automatically provisions more resources when necessary. Our customers will not experience performance impacts.
DDoS / Web vulnerability Protection
Our web application is shielded and protected by the Cloudflare web proxy system.
Software Development
Implementation
Our system is based on modern, robust and battle-proven open-source technology. Our web application is developed with Ruby on Rails, using an up-to-date version that receives security patches. Our mobile clients are developed in Java, Objective-C and .NET.
All data transfer is done via HTTPS / TLS, and the data is encrypted at rest (in our relational database and in our object storage). All images, plans and document assets are stored in the highly durable Amazon S3 storage system.
OWASP
In our implementation we follow the security-by-design principle.
TDD
All our core functionality is implemented using test-driven development.
Application Security Measures
The application is shielded by multiple proxies and load balancers. We offer multi-factor authentication, federated login with SAML, custom password policies, limited login attempts, user blocks on wrong login attempts and a detailed user permission configuration.
Processes
Employees
All our employees, especially those in support and engineering, are aware of data privacy and security and receive training and SOPs for the responsible treatment of our customers' data. All employees get only the minimum necessary access to our IT systems. Customer data is accessible only to select employees.
Incident management
Security and privacy incidents are collected at every point of contact and then routed to the responsible organisational unit. Our logging systems detect anomalies in system usage and send automated alarms if necessary. We have written procedures for disaster recovery and backup restores.
Access
Access to administrative systems is limited to certain VPNs and protected by two-factor authentication.
ISO/IEC 27001 Information Security Management Certification
We hold an ISO certification which can be seen here: