Security
We take security seriously
At 24SevenOffice, we use the ISO 27001 standard to protect your data. We conduct regular audits to ensure top-level security for both our systems and all employees.
24SevenOffice and Security
Policies and Procedures
24SevenOffice has developed a comprehensive set of security policies based on ISO 27001 in the form of an Information Security Management System (ISMS). These policies are updated frequently and communicated to all personnel.

Information Security Policy
24SevenOffice has an Information Security Policy. Read the statement from the CEO:
“As a company, information processing is fundamental to our success and the protection and security of that information is a board level priority. Whether it is employee information or customer information we take our obligations under the GDPR and Data Protection Act 2018 seriously. We have provided the resources to develop, implement, and continually improve the information security management appropriate to our business”.
Eirik Aalvik Stranden, CEO

Security Organization
24SevenOffice has personnel dedicated to security management.

Risk Assessments
24SevenOffice performs risk assessments on a regular basis, including supplier risk assessments.

Employee Screening
24SevenOffice performs background checks on all new employees in accordance with local laws applicable to our business. The background check includes, for example, employment verification and education verification.

Confidentiality
All employee contracts include a confidentiality agreement.

Acceptable Use
All personnel have read and signed a comprehensive Acceptable Use Policy, Privacy Policy and the Information Security Policy.

Removing Access
Access is removed when personnel leave the company. All personnel have confidentiality clauses that survive the engagement relationship.
Access Control and Authentication
All personnel in 24SevenOffice are required to use an identity provider and multifactor authentication on all applications where available. Access to data within the 24SevenOffice organization is restricted on a need-to-know basis, follows least privilege, and is frequently audited and monitored. Multifactor authentication is available for 24SevenOffice ERP customers. All personnel in 24SevenOffice are required to use multifactor authentication and strong passwords.

Single Sign-on
24SevenOffice ERP supports Google SSO to allow admins to determine who has access to 24SevenOffice from your existing identity provider.

Role-based Access Control
Access to data within 24SevenOffice ERP is governed by role-based access controls. 24SevenOffice has various permission levels for users.

Access to data centers
No personnel have access to any hosting location without permission from top managers and the hosting partner.

Office premises
24SevenOffice has no local data network or any confidential information stored on the office premises. 24SevenOffice practices 100% Software-as-a-Service (SaaS) principles.

Permissions and Authentication
Access to customer data is limited to authorized privileged employees who require it for their job responsibilities.
Data hosting
The 24SevenOffice datacenter is located in the EU/EEA. 24SevenOffice MRP (Masterplan) is hosted in the USA.

Intrusion Detection and Prevention
24SevenOffice has designed multiple layers of security monitoring to detect anomalous behavior and acts upon any incident or security event.

Ransomware
Immutable backups of customer data are stored in separate locations.

Capacity and Change Management
24SevenOffice performs capacity and change management.

Penetration testing
24SevenOffice annually engages third-party security partners to perform penetration testing of 24SevenOffice ERP. Our dedicated security team responds to issues raised.

Security Incident Response
Any incidents are further escalated to an Information Security Incident Response Team (ISIRT) that ensures rapid response and possible business continuity.
Development and Framework Security Controls
The development of 24SevenOffice ERP is based on security-by-design. The OWASP Top 10 principles are used as a basis. 24SevenOffice leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks.

Quality Assurance
Our QA department manually tests our application user interface.

Separate Environments
Testing and staging environments are logically separated from the production environment. No customer data is used in our development or test environments.

Bug Bounty Program
We care deeply about keeping our users safe. If you believe you have discovered a vulnerability, we ask that you disclose it in a responsible manner. At this time 24SevenOffice does not have a Bug Bounty Program, but we welcome any findings you may have.
ISO 27001 certification
24SevenOffice is certified according to the ISO 27001 security standard.

Compliance
24SevenOffice has built its Information Security Management System based on the ISO 27001 security standard. The purpose is to ensure that best-practice protections are implemented based on industry standards and that 24SevenOffice is compliant with applicable laws and regulations.