omnidesk
Security policy
The security of our platform is of the utmost importance to us. We created a set of rules for our users and ourselves (the security policy) to make sure our platform is well protected.
Overall:
    OWASP proof
    ISO27001 certification of our data center
    We work in accordance with the ISO27001 policy
    Pentested by an external firm
Security measures for end-users (agents, supervisors and administrators):
    Login through two-factor authentication (email or SMS)
    Password requirements
    Strong hashing of passwords
    HTTPS encryption on all endpoints
    Input validation on all endpoints
    Permission whitelist per group
    IP whitelisting
Security measures for Omnidesk staff:
    Lock computer/terminal after use
    VOG declaration (Dutch certificate of good behaviour)
    Only EU staff can access EU prod environment (GDPR)
    Admin always works through VPN
    VPN login based on certificate
    VPN login IP whitelisted
    Physical locks for spaces with computers
    Named accounts for server access
    Centrally managed accounts through LDAP
    Activity logs of users on servers
    Always use password manager
    Only administrator staff have access to application servers
    Internal communication servers through private network
    OS always within support terms (preferably LTS)
    Auto install of important security updates
    Strict firewall whitelisting
    Explanation required when software runs as root
    Code review of new code
    Servers provisioned through scripts which are also code-reviewed
Last modified 2yr ago