Security policy

The security of our platform is of the utmost importance to us. We created a set of rules for our users and ourselves (the security policy) to make sure our platform is well protected.

Overall:

  • Omnidesk is ISO27001 certified

  • Our datacenter is ISO27001 certified

  • Pentested

  • OWASP proof

Security measures for end-users (agents, supervisors and administrators):

  • Login through two-factor authentication (email or SMS)

  • Password requirements

  • Strong hashing of passwords

  • HTTPS encryption on all endpoints

  • Input validation on all endpoints

  • Permission whitelist per group

  • IP whitelisting

Security measures for Omnidesk staff include:

  • Lock computer/terminal after use

  • VOG declaration (Dutch certificate of good behaviour)

  • Only EU staff can access EU prod environment (GDPR)

  • Admin always works through VPN

  • VPN login based on certificate

  • VPN login IP whitelisted

  • Physical locks for spaces with computers

  • Named accounts for server access

  • Centrally managed accounts through LDAP

  • Activity logs of users on servers

  • Always use password manager

  • Only administrator staff have access to application servers

  • Internal communication servers through private network

  • OS always within support terms (preferably LTS)

  • Auto install of important security updates

  • Strict firewall whitelisting

  • Explanation required when software runs as root

  • Code-review of new code

  • Servers provisioned through scripts which are also code-reviewed


Last updated 1 year ago