omnidesk
omnidesk
Welcome
Ticket
Customers
Telephone
E-mail
Users
Live chat
Facebook
Twitter
Survey
Statistics
Security policy
Hosting
API docs
API specification
Powered by GitBook

Security policy

The security of our platform is of the utmost importance to us. We created a set of rules for our users and ourselves (the security policy) to make sure our platform is well protected.

Overall:

  • OWASP proof

  • ISO27001 certification of our data center

  • We work conform the ISO27001 policy

  • Pentested by an external firm

Security measures for end-users (agents, supervisors and administrators):

  • Login through two factor authentication (email or sms)

  • Password requirements

  • Strong hashing of passwords

  • HTTPS encryption on all endpoints

  • Input validation on all endpoints

  • Permission whitelist per group

  • IP whitelisting

Security measures for Omnidesk staff:

  • Lock computer/terminal after use

  • VOG declaration (Dutch certificate of good behaviour)

  • Only EU staff can access EU prod environment (GDPR)

  • Admin always works trough VPN

  • VPN login based on certificate

  • VPN login IP whitelisted

  • Physical locks for spaces with computers

  • Named accounts for server access

  • Centrally managed accounts through LDAP

  • Activity logs of users on servers

  • Always use password manager

  • Only administrator staff have access to application servers

  • Internal communication servers through private network

  • OS always within support terms (preferably LTS)

  • Auto install of important security updates

  • Strict firewall whitelisting

  • Explain-requirement when software runs as root

  • Code-review of new code

  • Servers provisioned through scripts which are also code-reviewed

Previous
Statistics API
Next
Hosting
Last updated 1 year ago