This document addresses different aspects related to Frosmo security and customer data integrity.

Physical security

The Frosmo Ltd. headquarters is located at:

Kaivokatu 8 A, 5th floor
FIN-00100 Helsinki

The premises cannot be accessed without an electronic badge. The badges given to employees are listed and controlled.

The premises are equipped with an alarm system. The system detects door movement and motion in corridors. If an alarm goes off, the system alerts the security company, and security personnel will come and check the situation within a few minutes.

When a visitor arrives at the premises, a host lets the visitor in and accompanies the visitor throughout the visit. Visitor meetings are organized in a specific meeting room. Visitors are not allowed in areas reserved for software development or system operations.

Cleaning services are provided by a dedicated cleaning company, and a known person does the cleaning at predefined times.

Server security

Frosmo cooperates with Hetzner Online AG (in Germany) for server hosting. Hetzner is located inside the EU and governed by EU regulations. For more information, see the Hetzner company websites.

Customer data is backed up from production server systems to a specific backup server. The backup server is hosted by Hetzner.

At the operating-system level, servers and firewall settings are managed by Frosmo. Security updates are deployed constantly to keep all platforms up to date with the latest data and access security. The updates are deployed under the supervision of the Frosmo Chief Technology Officer (CTO).

The agreement with the hosting partners does not include access to operations related to Frosmo customer data. Frosmo personnel are solely responsible for managing all data collected by the Frosmo platform.

By default, the Frosmo JavaScript library files are delivered through Amazon Web Services (AWS) CloudFront. For more information, see Amazon's service-level agreement and product documentation. Frosmo can also use other services based on customer requirements.

Frosmo follows the best practices for managing AWS access keys. All JavaScript updates are deployed through automated processes, with each process using its own specific key with limited access.

Operational security

Frosmo does not store any information that alone enables identifying a user and using that information in a criminal manner, such as names, email addresses, or postal addresses. Therefore, Frosmo Ltd. is not directly subject to the laws and regulations for the management of personal information.

The Frosmo operational tools can only be accessed over HTTPS. Access to the tools is always protected with credentials. The core operations personnel may use superuser access to manage services. Credentials for the superuser access level can only be created during system installation and cannot be created using normal operations tools.

Credentials generated using the normal operations tools are always for a lower access level and can be shared with customer representatives. Customers can generate and manage credentials of the same level for other users in their organization.

Customer data is always stored in such a way that the data of one customer cannot be mixed with the data of another customer.

The Frosmo System Administrator is responsible for all system updates. All modifications to Frosmo products in the production environment are controlled by the CTO. All software modifications can be tracked in change logs and the version control system.

Team members working for a specific customer can be disclosed to the customer on request. A team rarely works with multiple customers in the same market sector. Customers can request a background check on Frosmo employees. In addition, comprehensive audits can be carried out either by the customer or by a third party on request.

The Frosmo production servers can only be accessed (administrative access) by using public key authentication. Public keys are provisioned to trusted Frosmo employees when needed for the required access levels. All granted keys are recorded by the System Administrator and deployed to servers using an automatic deployment process that adds, removes, and updates keys on the production servers. All generated keys must follow the documented security guidelines and are always personal and protected by a passphrase known only to the key owner.

The workstations used by operation teams are always password-protected. Antivirus and malware protection software is used. Files are not stored on local workstations but on secure network drives, and documents are mainly stored in protected cloud-based services, such as Google Drive and Atlassian Confluence. The network server provides snapshots of the data for the most common backup and recovery needs within the normal workflow. These snapshots are also replicated to secondary servers to provide recovery in case the primary server fails.

All operational networks are protected by firewalls and managed by designated employees.

Critical system passwords are renewed on a regular basis.

Personnel security

The Frosmo work contract contains non-compete, confidentiality, and non-disclosure clauses. Additional non-disclosure agreements can be created for specific customers on request.

All new Frosmo employees are informed about physical and data security. This introduction is repeated at supervisors' discretion. The requirements and conditions for each customer are always discussed within the team when a new customer project starts.

The Frosmo employees are encouraged to observe and report to their supervisors all issues (on any level of operations) that are likely to compromise customer data security.

After an employee leaves Frosmo, the employee's access rights are removed. This procedure covers physical access, data access, and any generated authentication keys.

Application security

Access to the Frosmo services administration can be limited based on the IP address so that accessing Frosmo Control Panel is only allowed from the Frosmo premises and from IP addresses defined by the customer.

In addition, the Frosmo Control Panel triggers a warning if an account is accessed from multiple computers, and allows the user to close redundant connections. Too many failed login attempts trigger a failure mode, which forces additional authentication checks for subsequent login attempts and notifies the Frosmo System Administrator.

The Frosmo platform can force all content that is provided through the Frosmo JavaScript library to the customer website to load resources only from specified domains. When this feature is enabled, the Frosmo platform validates all modification content before it is saved to the Frosmo back end. If the content contains elements that could be used to load or inject resources from non-authorized domains, the content is rejected.
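
The domain check described above, as an added example that is not Frosmo's code: it parses modification content and reports every URL-bearing attribute or CSS `url()` reference that points outside an allowlist, so the caller can reject the content before saving it. The allowlisted domains, the sample content, and all function and class names are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist and sample content; placeholder domains, not Frosmo configuration.
ALLOWED_DOMAINS = {"shop.example", "cdn.shop.example"}
SAMPLE = '<script src="//tracker.example/t.js"></script><img src="/banner.png">'
URL_ATTRS = {"src", "href", "action", "formaction", "data", "poster"}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

def host_allowed(url, allowed=ALLOWED_DOMAINS):
    """Accept relative URLs and http(s) URLs whose host is on the allowlist."""
    # Browsers drop tabs/newlines and treat "\" as "/", so normalise first.
    url = re.sub(r"[\t\r\n]", "", url).replace("\\", "/").strip()
    try:
        parts = urlsplit(url)
    except ValueError:                  # unparseable URL: reject
        return False
    if not parts.netloc:                # relative path passes; data:, javascript: fail
        return parts.scheme == ""
    return parts.scheme in ("", "http", "https") and parts.hostname in allowed

def urls_in(name, value):               # URLs referenced by one attribute value
    if name == "srcset":                # comma-separated "url descriptor" candidates
        return [c.split()[0] for c in value.split(",") if c.strip()]
    if name == "style":
        return CSS_URL.findall(value)
    return [value] if name in URL_ATTRS else []

class RefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs, self.in_style = [], False
    def handle_starttag(self, tag, attrs):
        self.in_style = tag == "style"
        for name, value in attrs:
            self.refs += [(tag, name, u) for u in urls_in(name, value or "")]
    def handle_endtag(self, tag):
        self.in_style = False
    def handle_data(self, data):        # CSS inside a <style> element
        if self.in_style:
            self.refs += [("style", "css", u) for u in CSS_URL.findall(data)]

def validate_content(html):
    """Return (tag, attribute, url) violations; an empty list means accept."""
    parser = RefCollector()
    parser.feed(html)
    parser.close()
    return [ref for ref in parser.refs if not host_allowed(ref[2])]
```

The check covers markup attributes and CSS `url()` only; inline script bodies and CSS `@import` strings are not analysed here and would need their own rule.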