Security

Protecting your data is equally important to you and us. We take a holistic approach to information security, as it's only as good as the weakest link.

Therefore, we apply security to all aspects of our business, from technical to organizational, backend to frontend.
Our processes have security built into them, supported by procedures and policies, as well as tested throughout development and in operation.

Technical security

Cloud security

DigiLEAN is hosted with the industry-leading cloud hosting provider Microsoft Azure. Azure has robust security measures in place, and it adheres to stringent compliance standards.  We prioritize data protection through dedicated database access control, IP whitelisting, segregated databases, and secure Key Vault storage.

We maintain and update the application and infrastructure constantly with releases and security patches.

Encryption

Experience true data security with our multi-layered encryption approach. At every stage, we safeguard your information. TLS 1.2+, HTTPS protocol, SSL, and TDE are used to encrypt data at rest, in transit, and during transmission. Our computers are fortified with BitLocker encryption to ensure your sensitive data remains impregnable.

Authentication

Embrace the power of OAuth2.0, the industry-standard for secure authentication. But we take it a step further with robust multifactor authentication, leveraging Microsoft Entra ID’s advanced capabilities. Customers maintain complete control over their password policies, ensuring seamless integration with existing security protocols.

Secure coding practices

We prioritize security through comprehensive coding practices and access controls. User access is carefully managed, with permissions granted only when necessary and all access logged for transparency. Multifactor authentication is mandatory wherever possible, adding an extra layer of protection. Our coding process follows strict guidelines, with code reviews and automatic scanning to maintain a secure codebase. We take a proactive approach to identifying and addressing potential vulnerabilities, ensuring the integrity and security of our platform.

Testing for security

We follow secure coding practices by adhering to industry best practices. The system grants permissions only when and where necessary, and logs all access diligently, applying user access control. Mandatory multifactor authentication ensure only authorized personnel can gain entry.

Our commitment to security extends to our coding process, which follows stringent guidelines, rigorous code reviews, and automatic scanning to maintain the codebase. We take a proactive approach to identifying and addressing potential vulnerabilities.

Moreover, we have separate environments for development, testing, and production, ensuring a controlled and efficient software development lifecycle.

Business continuity and disaster recovery​

Data print circuit board closeup

If disaster scenarios become effective, we execute our mitigation plans. This enables us to sustain our service even though a severe incident outside our control occurs.

Point-in-time backups and geo-replication services are in place to quickly recover from a disaster with minimum impact. To ensure effect upon execution, we document and test policies, plans and practices.

Security monitoring

DigiLEAN consists of many elements on different layers of IT communication. We implement monitoring and alerts to effectively keep an eye on critical metrics. This includes automated penetration testing, performance monitoring- and alerts on our system infrastructure, intrusion detection, user access control, heartbeats and other types of exceptions. We dedicate resources to monitor and take action when needed to mitigate risks and incidents.

3rd party integrations

DigiLEAN seamlessly integrates with your existing systems through secure REST API protocols, enabling smooth data exchange and streamlined operations.

To access our API, users must provide valid authentication through a secure access token. Each customer can access specific data through dedicated API accounts. This granular access control ensures that only authorized personnel can query DigiLEAN’s API, mitigating the risk of unauthorized access or data breaches. Moreover, end-to-end encryption safeguards sensitive information transmitted through the API from potential threats.

Malware protection

All computer devices are up-to-date antivirus and malware protection software as one of the endpoint protection measures.

Access control

Authorized personnel are the only ones with access to any part of the system, including resources used for development and maintenance of the software. The user access control contains login monitoring and alerts upon abnormal activity and login attempts.

Certain resources also have whitelisting on certain metrics, increasing the level of user identification.

Data storage

We safeguard your data using Microsoft Azure’s secure infrastructure, with logical segregation between customer accounts and additional isolation through regional deployments across Azure’s global network. Strict access control via APIs prevents direct database access.

Data ownership

Information entered into DigiLEAN either manually or fed from integrations are owned by the customer. For further details, please refer to our Terms and Conditions.

ISO/IEC 27001

Information security, cybersecurity and privacy protection

ISO/IEC 27001 is an internationally recognized standard for information security management. The certification proves that our Information Security Management System (ISMS) is functional and effective for data protection, security, disaster recovery and business continuity.

Our approach to the certification were holistic, including the product and our whole organization.

Organization

We engage and empower all the staff to contribute to our robust information security practices.

Our personnel undergo specialized training tailored to their roles, ensuring they remain at the forefront of knowledge and technology. New hires undergo rigorous screening and background checks, guaranteeing that only trustworthy individuals are protecting your sensitive information.

Regular training and security awareness activities are mandatory for all employees, fostering a culture of vigilance and accountability.

Policies

Policies are established and followed covering technical-, organizational-, and physical security concerns. All personnel receive training on applicable policies and procedures to ensure a coherent practice.

Here you can read our Privacy Policy.

Risk management

We record, assess and re-evaluate regularly to constantly monitor changes in our operating environment. Our risk management system is fully compliant with relevant standards, we ensure accountability for mitigating actions and have a track history available for authorities and audits.

Physical and environmental security

Our physical and environmental security policy ensures robust controls across all premises. Secure working areas, restricted access, and monitored entry points protect our offices, while IT equipment is safeguarded wherever it resides.

Book a meeting to learn more