omnidesk

Security policy

The security of our platform is of the utmost importance to us. We created a set of rules for our users and ourselves (the security policy) to make sure our platform is well protected.
Overall:
  • OWASP proof
  • ISO27001 certification of our data center
  • We work in conformance with the ISO27001 policy
  • Pentested by an external firm
Security measures for end-users (agents, supervisors and administrators):
  • Login through two-factor authentication (email or SMS)
  • Password requirements
  • Strong hashing of passwords
  • HTTPS encryption on all endpoints
  • Input validation on all endpoints
  • Permission whitelist per group
  • IP whitelisting
Security measures for Omnidesk staff:
  • Lock computer/terminal after use
  • VOG declaration (Dutch certificate of good behaviour)
  • Only EU staff can access EU prod environment (GDPR)
  • Admin always works through VPN
  • VPN login based on certificate
  • VPN login IP whitelisted
  • Physical locks for spaces with computers
  • Named accounts for server access
  • Centrally managed accounts through LDAP
  • Activity logs of users on servers
  • Always use password manager
  • Only administrator staff have access to application servers
  • Internal communication servers through private network
  • OS always within support terms (preferably LTS)
  • Auto install of important security updates
  • Strict firewall whitelisting
  • Explanation required when software runs as root
  • Code-review of new code
  • Servers provisioned through scripts which are also code-reviewed