Security policy (Projectplace.com)

Projectplace International AB (hereinafter referred to as "Projectplace") has created this Security Policy in order to demonstrate our firm commitment to security. The following discloses our security and accessibility policies.

Site certificate information

Projectplace understands that the security of your personal information and business details is important to you. Whenever you submit personally identifiable or business identifiable information or transfer other information and documents to and from Projectplace.com, you will be doing so through our secure servers.

The Projectplace.com service only allows secure browsers access to the system. The browser's "secure mode" is in place only when you are logged in to the system. You will be able to tell that you are in a secure mode when your browser displays a special icon on the lower bar of your browser window.

Every secure page (i.e. every part of the user interface) on Projectplace.com has been secured with a digital certificate by VeriSign, Inc. or a VeriSign partner. This is shown via the “site certificate” that is resident on all secure pages. To view this certificate, click on the image of the closed lock on the bottom bar of your browser window. A small frame displaying site security information will appear. This allows you to verify the site certification authority and that you are in fact on projectplace.com or a sub-domain of projectplace.com, e.g. uk.projectplace.com.

User identification

Only the members of a project place can see the project place and access its contents. Each user selects his/her own password for Projectplace.com. The users’ passwords are stored in a one-way encrypted format and are not accessible to employees of Projectplace.

After entering the required registration information as a new user you will be able to access your user account immediately. The password is chosen directly as part of the registration process and not sent to you by any other means.

If you have forgotten your password, or your password is not working for some reason, you can re-establish your identity with the system as follows:

  1. Go to https://service.projectplace.com/norwegian/loginhelp.htm.
  2. Enter your registered e-mail address in the form and click “Request new password”.
  3. Follow the instructions in the e-mail message that is sent to you (after step 2).

A password system has been established to ensure that only you can access your personal information and project places. The acceptable minimum password length is 6 characters. We recommend that you use a random combination of letters, numbers, and cases to provide added protection (for instance: 'Hfg358mz' would be a good password).

Each time you login to the system you will be required to authenticate your identity by entering your previously supplied e-mail address and password. Upon successful login, you are issued a unique "session id" (does not include any personally identifiable information) which allows you to remain active as long as actions are performed in the system at least once every 30 minutes, after which any further actions require you to re-enter your e-mail address and password. If an incorrect password is supplied, or if you simply forget your password, you may need to re-establish your identity following the instructions above.

After an undisclosed number of unsuccessful login attempts, you will be locked out.

Protection of information being transmitted

We use encryption technology to ensure the safe transmission of your information and documents when logged into the system. Your browser provides security by allowing us to use Secure Socket Layer (SSL) encryption up to 128-bit key length encryption when transmitting information and documents. The number of bits of secret key length varies between 40 and 128 depending on your browser’s capability. The highest available bit length is always used. All communication between your computer and Projectplace.com is encrypted using SSL.

Protection of stored information

Projectplace takes many measures to protect client information while it is stored, including:

  • Utilizing a firewall to protect our server farm and stored information. A firewall is a barrier to unauthorized users to prevent access to our systems.
  • Monitoring system and application activity logs to identify any unusual activity, from authorized and/or unauthorized individuals accessing our systems and/or making changes to stored information, for investigation.
  • Housing the server farm in a highly secure building to provide additional protection against unauthorized access and changes to stored information.
  • All documents stored at Projectplace.com are automatically encrypted with a unique key and saved anonymously in a secure database so that they cannot be identified. This means that not even persons with administrative rights to the servers’ operating system can access documents at Projectplace.com.
  • The system administration at Projectplace.com has no functions allowing access to a client’s project place. It is thus impossible for employees at Projectplace to access clients’ documents. Projectplace has also taken special steps to ensure that only a few key people are aware of how the security system is designed and implemented.
  • All employees at Projectplace are bound by a confidentiality and non-disclosure agreement prohibiting access to and dissemination of information handled by the company’s clients when using the Projectplace.com Web service.

In addition to client data, some personal information is stored in our databases and in browser cookies. For a complete list of what personal and demographic information is stored at Projectplace.com we refer to our Privacy Statement.

Internet connection and server architecture

The Projectplace.com server farm consists of a range of redundant hardware components including:

  • Large bandwidth redundant Internet connections to one of the main Internet connection points and redundant routers with fail-over configuration.
  • Redundant firewalls with filters and fail-over configuration.
  • Application and Web servers in the form of several load-balanced multi-processor servers.
  • Redundant database cluster configuration.
  • Database server mirrored in a fail-over server, which will take over if the main server is interrupted.
  • LAN with redundant network switches and fail-over configuration.
  • Highly secure computer facilities with cooling systems, UPS, backup systems and fire protection.

Backup routines

Projectplace has implemented the following backup routines:

  • The database servers’ RAID- system is mirrored every five minutes.
  • All backups are encrypted.
  • A differential backup that saves changes made to files over the last 24 hours is performed every day. The backup is made on alternating tapes so as to prevent faults arising in them.
  • A complete backup is performed weekly.
  • The backup medium is transferred at regular intervals (once a week) to an off-site long-term storage facility.
  • The encryption of the client’s information is retained whenever backups are performed.
  • Projectplace has implemented routines for restoring backed up data.

Accessibility

  • Projectplace undertakes to provide the customer with access to the Projectplace.com service as specified in detail in the Terms of Use, and as set forth from time to time on Projectplace's web sites. In the event of any conflict between this policy, the information on Projectplace’s web sites and that which is stated on the aforementioned Terms of Use, the Terms of Use shall take precedence.
  • Projectplace undertakes to adopt reasonable measures in order to ensure that the Projectplace.com service is available over the Internet around the clock, seven days a week. Projectplace shall be entitled to take measures that affect the aforementioned accessibility where Projectplace deems such to be necessary for technical, maintenance, operational, or security reasons.
  • The customer shall be aware and acknowledges that the customer's access to the Internet cannot be guaranteed and that Projectplace shall not be liable for deficiencies in the customer's own Internet connections.
  • In the event of defects or deficiencies attributable to Projectplace, Projectplace undertakes to act to rectify such defect without unreasonable delay. In the absence of intent or gross negligence by Projectplace, Projectplace otherwise assumes no responsibility for defects or deficiencies in the Projectplace.com service. Error notification must be given by the customer in accordance with the instructions announced by Projectplace from time to time and within a reasonable time of the discovery of the defect.

External security audits

External security experts perform security audits on a regular basis. A copy of the certificate issued after the most recent security audit can be provided upon request.

Changes in this policy

Projectplace reserves the right to modify or amend this Security Policy at any time and for any reason. Users will be notified about changes in the Security Policy via our web sites and newsletters.

Additional information

Additional security information
Additional information on the terms of use.

Contact information

If you have any questions about this Security Policy or any other inquiries, you can contact:

Projectplace International AB
Klarabergsgatan 60
111 21 Stockholm
Sweden
+46 8 586 302 00
info@projectplace.com

Skriv ut Skriv ut     Tips noen om denne siden Tips noen om denne siden     Tilbake Tilbake