Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| pub:trust_center:policies:it_security_policy [25.09.2024 12:29] – ↷ Page moved from it_security_policy to pub:trust_center:policies:it_security_policy Predrag Tasevski | pub:trust_center:policies:it_security_policy [15.10.2024 09:54] (current) – Predrag Tasevski | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== IT Security Policy ====== | ||
| + | |||
| + | |||
| //Effective date: 17.05.2024.// | //Effective date: 17.05.2024.// | ||
| Security is very important to Unicis and everyone here is doing their best to keep your presentations and data secure. This document describes our internal security policies, and minimum security baseline and how those translate into creating a secure platform, add-ons and plugins that you can trust. | Security is very important to Unicis and everyone here is doing their best to keep your presentations and data secure. This document describes our internal security policies, and minimum security baseline and how those translate into creating a secure platform, add-ons and plugins that you can trust. | ||
| - | ====== IT Security Policy ====== | ||
| We at Unicis are using the [[https:// | We at Unicis are using the [[https:// | ||
| + | {{tag> | ||
| ===== Data Protection ===== | ===== Data Protection ===== | ||
| You can request the [[https:// | You can request the [[https:// | ||
| + | {{tag> | ||
| ===== GDPR ===== | ===== GDPR ===== | ||
| We are committed to follow and implement all the guidelines and recommendations from GDPR with regards to all the data and information we handle, process, and store at Unicis. | We are committed to follow and implement all the guidelines and recommendations from GDPR with regards to all the data and information we handle, process, and store at Unicis. | ||
| + | {{tag> | ||
| ===== Data Security ===== | ===== Data Security ===== | ||
| - | All of Unicis infrastructure runs in hybrid cloud (AWS, Azure and GCP), hosted in European regions. You can find more information about security practices on their cloud security page. | + | All of Unicis infrastructure runs in OVHCloud, hosted in European regions. You can find more information about security practices on their cloud security page. |
| ==== Data Encryption at Rest ==== | ==== Data Encryption at Rest ==== | ||
| Line 51: | Line 56: | ||
| The complexity of the password must be at least 12 characters, and it must contain at least one uppercase and lowercase letter, digit, and special character. | The complexity of the password must be at least 12 characters, and it must contain at least one uppercase and lowercase letter, digit, and special character. | ||
| - | If password authentication is used in addition to single sign-on, we enforce: | + | If password authentication is used in addition to single sign-on, we enforce: |
| + | * Do not limit the permitted characters that can be used | ||
| + | * Do not limit the length of the password to anything below 64 characters | ||
| + | * Do not use secret questions as a sole password reset requirement | ||
| + | * Require email verification of a password change request | ||
| + | * Require the current password in addition to the new password during password change | ||
| + | * Store passwords in a hashed and salted format using a memory-hard or CPU-hard one-way hash function | ||
| + | * Enforce appropriate account lockout and brute-force protection on account access | ||
| + | * Do not provide default passwords for users or administrators | ||
| + | {{tag> | ||
| ==== Third-Party components ==== | ==== Third-Party components ==== | ||