infsoft LocAware platform® – IT Security
The infsoft LocAware platform® offers multilayered, built-in mechanisms that ensure the protection of your data. The platform benefits from the reliable cloud foundation provided by Microsoft Azure.
At a glance
Security Features
Hosting of the solution
The solution is hosted by default in MS Azure with all security features and functions such as load balancing, geo-redundant data hosting and automated upscaling provided by Microsoft. The default MS Azure regions are West Europe (The Netherlands) and West Central US (Wyoming). Other data centers of the worldwide MS Azure network are also possible.
Security-related functions
The infsoft LocAware platform® with its services running in MS Azure implements various security functions such as multi-factor authentication, role-based access management, logging for all activities within the MS Azure portal as well as all activities in the infsoft LocAware platform®. HTTPS is used for encrypted transmission. Database encryption provides enhanced security for your data.
Secured APIs
APIs are secured via user-specific access tokens based on OAuth server to prevent unauthorized usage. Usage attempts are documented and create a notification.
Encryption
Data in-transit encryption
In-transit data are encrypted via SSL. All databases are encrypted as well.
Access credential encryption
Access credentials are encrypted in all cases before transmitting them via network.
Public standards for encryption algorithms
Encryption algorithms and algorithm implementations are based on public standards and kept up to date.
Encryption of security-relevant configurations
All security-relevant configuration information is encrypted.
Data encryption at rest
All data within MS Azure and the infsoft LocAware platform® are encrypted at rest.
Security Monitoring and Standards
Security monitoring
Security incidents are monitored and logged within infsoft LocAware and MS Azure Security. Incidents create automatic notifications.
Security standards
The following security standards of MS Azure are in place and stated in the MS Azure Security Center:
- ISO 27001
- ISO 27017
- ISO 27018
- BSI C5 attestation
- ISO 19086-1
- Azure CIS 1.1.0
- PCI DSS 3.2.1
- SOC TSP
Scalability & Availability
The infsoft LocAware platform® with all its services is geographically, vertically, and horizontally scalable offering automated load balancing and upscaling as well as geo-redundancy due to its hosting in MS Azure.
Availability is guaranteed for at least 99.9% of the time.
Disasters and Recovery Plans
Disasters with impact on infrastructures
infsoft solutions are provided as SaaS. The infsoft LocAware platform® with all its services is offering automated load balancing and upscaling as well as geo-redundancy due to its hosting in MS Azure. Local disasters will not affect provided services.
RTO, RPO and Disaster Recovery Plans
Due to the hosting of the infsoft LocAware platform® in MS Azure, Recovery Time Objective (RTO) of maximum 1 business days and Recovery Point Objective (RPO) of maximum 1 day are handled by MS Azure Recovery Manager. A Disaster Recovery Plan with related procedures is in place from MS Azure by default.