...
LogiSense uses a layered approach for Security by combining various methodologies to achieve the highest level of security without unduly impacting the user experience.
...
Layer | Description |
|---|---|
Password Management | This encompasses the creation and enforcing of strong passwords, failed logon limits, password history, and account lockouts. |
Role Based Permissions | Granular permissions can be configured through the admin portal which define applicable access control rights for login users |
Authentication of User Traffic | Encrypt (via SSL) and authenticate user traffic between the client browser and the web server hosting the Admin Portal. Prevent username and passwords from being sent in plain text across the internet. |
Firewall Protection | Require all LogiSense system administration staff to VPN and authenticate with the network prior to accessing any parts of the infrastructure. |
Hosting Security
LogiSense infrastructure is hosted on the Amazon Web Services (AWS) hosting environment. The LogiSense hosting environment is SSAE16 and ISO/IEC 27001 compliant and offers extensive protection of data, guards against service interruptions along with LogiSense’s SOC 1 Type II certification.
Aspect | Description |
|---|---|
Monitoring | Continual intrusion detection monitoring performed on infrastructure |
Architecture | Deployment architecture is provided in a segregated environment with layered physical security and authentication between each zone. |
Backups | All off-site database backups are encrypted |
Vulnerability | Monthly vulnerability scans are performed on infrastructure |
Penetration Testing | External and Internal Penetration Tests performed by 3rd party |
Training | Annual company wide security training and annual developer training in secure coding. |
PCI DSS | LogiSense maintains a PCI Level 1 compliance ensuring all system requirements, processes and procedures meet PCI requirements for credit card processing |
API Security
LogiSense provides REST API support for integration into CRM, self-care and other enterprise applications that require interface capability with back office systems. The REST API supports SSL based authentication. The API transactions require role based tokenized authentication and unauthorized access via the API will result in exceptions.
...