Security

Protecting your data is equally important to you and us.
We take a holistic approach to information security, as it's only as good as the weakest link.

Therefore, security is applied to all aspects of our business, from technical to organizational, backend to frontend.
Security is built in to our processes, supported by procedures and policies, as well as tested throughout development and in operation.

Technical security

Cloud security

DigiLEAN is hosted with the industry-leading cloud hosting provider Microsoft Azure. Azure has robust security measures in place and adheres to stringent compliance standards. We prioritize data protection through dedicated database access control, IP whitelisting, segregated databases, and secure Key Vault storage.

The application and infrastructure are maintained and updated constantly with releases and security patches.

Encryption

Experience true data security with our multi-layered encryption approach. Your information is safeguarded at every stage: data is encrypted at rest and in transit using TLS 1.2+ over HTTPS, SSL, and TDE. Even our computers are fortified with BitLocker encryption, ensuring your sensitive data remains protected.

Authentication

Embrace the power of OAuth 2.0, the industry standard for secure authentication. But we take it a step further with robust multi-factor authentication, leveraging Microsoft Entra ID’s advanced capabilities. Customers maintain complete control over their password policies, ensuring seamless integration with existing security protocols.

Coding Practices

We prioritize security through comprehensive coding practices and access controls. User access is carefully managed, with permissions granted only when necessary and all access logged for transparency. Multi-factor authentication is mandatory wherever possible, adding an extra layer of protection. Our coding process follows strict guidelines, with code reviews and automatic scanning to maintain a secure codebase. We take a proactive approach to identifying and addressing potential vulnerabilities, ensuring the integrity and security of our platform.

Testing

We follow secure coding practices by adhering to industry best practices. User access control is applied, granting permissions only when and where necessary, while all access is diligently logged. Mandatory multi-factor authentication ensures that only authorized personnel can gain entry.

Our commitment to security extends to our coding process, which follows stringent guidelines, rigorous code reviews, and automatic scanning to maintain the codebase. We take a proactive approach to identifying and addressing potential vulnerabilities.

Moreover, we have separate environments for development, testing, and production, ensuring a controlled and efficient software development lifecycle.

Business continuity and disaster recovery

Disaster scenarios are defined, each with a mitigation plan that is activated should the scenario occur. This enables us to sustain our service even if a severe incident outside our control takes place.

Point-in-time backups and geo-replication services are in place to quickly recover from a disaster with minimum impact. Policies, practices and plans are documented and tested to ensure they are effective when execution is required.

Monitoring

DigiLEAN consists of many elements on different layers of IT communication. Monitoring and alerts are therefore implemented to effectively keep an eye on critical metrics. This includes automated penetration testing, performance monitoring and alerts on our system infrastructure, intrusion detection, user access control, heartbeats and other types of exception reporting. Dedicated resources monitor these signals and take action when needed to mitigate risks and incidents.

3rd party integrations

DigiLEAN seamlessly integrates with your existing systems through secure REST API protocols, enabling smooth data exchange and streamlined operations.

To access our API, users must authenticate with a valid, secure access token. Each customer is granted a dedicated API account, with access limited to the specific data and resources that the user is authorized to interact with. This granular access control ensures that only authorized personnel can query DigiLEAN’s API, mitigating the risk of unauthorized access or data breaches. Moreover, all data transmitted through the API is encrypted end-to-end, safeguarding sensitive information from potential threats.

Malware protection

All computer devices run up-to-date antivirus and malware protection software as one of our endpoint protection measures.

Access control

Access to any part of the system, including resources used for development or maintenance of the software, is limited to authorized personnel only. User access control is implemented with login monitoring and alerts upon abnormal activity and login attempts.

Certain resources are additionally protected by whitelisting on selected criteria, increasing the level of assurance in user identification.

Data storage

Your data is safeguarded in Microsoft Azure’s secure infrastructure, with logical segregation between customer accounts and additional isolation through regional deployments across Azure’s global network. All access is strictly controlled via APIs, preventing direct database access.

Data ownership

Information entered into DigiLEAN, whether manually or fed from integrations, is owned by the customer. For further details, please refer to our Terms and Conditions.

ISO 27001

Information security, cybersecurity and privacy protection

ISO/IEC 27001 is an internationally recognized standard for information security management. Being certified means we have an Information Security Management System (ISMS) in place that is proven functional and effective for data protection, security, disaster recovery and business continuity.

DigiLEAN has taken a holistic approach to our ISO 27001 certification, where both the product and our organization are fully covered by the certification.

Organization

All staff are engaged and empowered to contribute to our robust information security practices.

Our personnel undergo specialized training tailored to their roles, ensuring they remain at the forefront of knowledge and technology. New hires undergo rigorous screening and background checks, guaranteeing that only trustworthy individuals are entrusted with protecting your sensitive information.

Regular training and security awareness activities are mandatory for all employees, fostering a culture of vigilance and accountability.

Policies

Policies are established and followed covering technical, organizational, and physical security concerns. All personnel receive training on applicable policies and procedures to ensure a coherent practice.

Here you can read our Privacy Policy.

Risk management

Risks are monitored, recorded, assessed and re-evaluated regularly so that changes in our operating environment are continuously tracked. Our risk management system is fully compliant with relevant standards; we ensure accountability for mitigating actions and keep a track history available for authorities and audits.

Physical and environmental security

Our physical and environmental security policy ensures robust controls across all premises. Secure working areas, restricted access, and monitored entry points protect our offices, while IT equipment is safeguarded wherever it resides.