Security policy

The security of our platform is of the utmost importance to us. We created a set of rules for our users and ourselves (the security policy) to make sure our platform is well protected.
  • Omnidesk is ISO27001 certified
  • Our datacenter is ISO27001 certified
  • Pentested
  • OWASP proof
Security measures for end-users (agents, supervisors and administrators):
  • Login through two-factor authentication (email or SMS)
  • Password requirements
  • Strong hashing of passwords
  • HTTPS encryption on all endpoints
  • Input validation on all endpoints
  • Permission whitelist per group
  • IP whitelisting
Security measures for Omnidesk staff include:
  • Lock computer/terminal after use
  • VOG declaration (Dutch certificate of good behaviour)
  • Only EU staff can access EU prod environment (GDPR)
  • Admin always works through VPN
  • VPN login based on certificate
  • VPN login IP whitelisted
  • Physical locks for spaces with computers
  • Named accounts for server access
  • Centrally managed accounts through LDAP
  • Activity logs of users on servers
  • Always use password manager
  • Only administrator staff have access to application servers
  • Internal communication servers through private network
  • OS always within support terms (preferably LTS)
  • Auto install of important security updates
  • Strict firewall whitelisting
  • Explanation required when software runs as root
  • Code-review of new code
  • Servers provisioned through scripts which are also code-reviewed