Security

The security of DORA Software is of a very high level. Our customers’ data is of utmost importance and it is safe in our systems.

Below is a small sample of the actions taken to protect our customers’ data.

Hosting

  • Hosting is ISO 27001:2013 certified
  • European servers for Europe, Africa, Asia and Australia
  • American server for North, Central and South America
  • System admin access over SSH with public-key authentication on a non-default port
  • Automatic system security updates are applied
  • System configuration hardened
  • Application and system monitoring and alerting in place
  • Monitoring and alerting available to admins over VPN
  • System battle-tested with periodic penetration tests
  • Strong password policy in place for admins and system
  • Firewall to allow only specific access

Email

  • E-mail security enforced with secure SPF, DKIM and DMARC policies

DORA

  • HTTP security headers are correctly and securely configured
  • Use of HTTPS
  • Input validation enforced in ORM
  • File upload hardened on system level with OWASP best practices implemented
  • File downloads for authenticated users only
  • Automatic system security updates are applied
  • Application and system monitoring and alerting in place
  • Encrypted off-site backups periodically created
  • Application battle-tested with periodic penetration tests
  • Database access only available over local connection
  • MFA enforced (two-factor authentication)
  • Each customer's data is stored in its own database and file storage
  • Access to the system via a customer-specific URL with optional IP filtering


    © European Reliability Centre (ERC) B.V.