IN DETAIL

PROJECTFUSION - Enterprise level security

At PROJECTFUSION, the security of your documents and other confidential information is our number one priority. We provide enterprise-class security to ensure that your data is never compromised, including:

Physical Security: Our production hosting environment is an enterprise-class hosting facility. The facility has multiple levels of 24/7 physical security surrounding the data center, including man-traps, access card door controls, and video surveillance. Only authorized personnel are allowed in the data center. The public is never allowed within the hosting area.

Perimeter Defense: The network perimeter is firewall-protected and proactively monitored for potential intrusion attempts. PROJECTFUSION monitors and analyzes access logs to scan for potential threats and works aggressively to ensure that the outer network defenses are intact.

3rd Party Audits: Servers are scanned, penetration tested and security checked to the application level at least every 6 months by industry leader Plynt (http://www.plynt.com/criteria/) to meet standard criteria and a specific threat profile for online datarooms.

Database Security: Database access is strictly controlled at the database and operating system level. Sensitive user information is encrypted within the database.

Data Encryption: PROJECTFUSION employs the strongest encryption products available to protect your documents and confidential data. PROJECTFUSION is protected by a 128-bit SSL certificate and 1024-bit RSA public keys. The lock symbol displayed in your browser while you are logged into PROJECTFUSION tells you that your information is completely safe and protected from unauthorized access.

User Authentication: Only valid registered users can access the PROJECTFUSION online tools. A valid username and password are required to access the PROJECTFUSION system. A “three strikes and out” policy means that any user who logs in incorrectly 3 times in a row is locked out for ten minutes. If they fail to log in a further three times, the account will then need to be reset by an administrator to regain access. This prevents brute force password attacks.
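The lockout policy described above can be modelled as a small state machine. The following is an added illustration, not PROJECTFUSION's own code; all names are hypothetical, and it assumes that a successful login clears the strike count and that attempts made during the ten-minute lockout are rejected without being counted.

```python
from dataclasses import dataclass

STRIKES = 3                 # failed logins in a row before a lockout
LOCKOUT_SECONDS = 10 * 60   # ten-minute timed lockout

@dataclass
class AccountState:
    failures: int = 0             # consecutive failures in the current round
    timed_lockouts: int = 0       # timed lockouts since last success or reset
    locked_until: float = 0.0     # epoch seconds; 0 means not locked
    needs_admin_reset: bool = False

def attempt(state, password_ok, now):
    """Apply one login attempt at time `now` and return its outcome."""
    if state.needs_admin_reset:
        return "admin_reset_required"
    if now < state.locked_until:
        # Assumption: even a correct password is refused while locked,
        # and the attempt does not add a strike.
        return "locked"
    if password_ok:
        # Assumption: success clears all strike history.
        state.failures = 0
        state.timed_lockouts = 0
        return "ok"
    state.failures += 1
    if state.failures < STRIKES:
        return "failed"
    state.failures = 0
    if state.timed_lockouts >= 1:
        # A further three failures after the timed lockout: hard lock.
        state.needs_admin_reset = True
        return "admin_reset_required"
    state.timed_lockouts += 1
    state.locked_until = now + LOCKOUT_SECONDS
    return "locked"

def admin_reset(state):
    """Administrator action that restores access to a hard-locked account."""
    state.failures = 0
    state.timed_lockouts = 0
    state.locked_until = 0.0
    state.needs_admin_reset = False
```

With these limits, one account accepts at most six password guesses before an administrator has to intervene, which is what makes online guessing impractical.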

Option - Automatic location based restrictions: Automatically restrict users to one logon location, preventing distribution of passwords to 3rd parties.

Option - SMS Token 2 tier authentication: Users type in username and password, then wait for a token to flash up on their mobile. This two-tier authentication prevents unauthorized users from gaining access to PROJECTFUSION just by stealing someone’s password, and provides much higher levels of security than just a username and password.

Application Security: The PROJECTFUSION application security model ensures that users can access only information from their own organizations, and only the information they have been explicitly granted access to see. Access levels within the application are set to the minimum as documents and other information are added into PROJECTFUSION. System administrators and document owners can then grant additional access permissions to other users and groups.

SecureView Document Protection: All PDF documents are automatically protected, and cannot be downloaded, copied or printed. Secured documents are watermarked with IP Address, UserName, Company Name, and date/time, ensuring that the source of any photographed documents is easily trackable.

MD5 Checksums: All documents are automatically MD5 checksummed, and this information is provided in audit trails. Any document can be compared to the index MD5 to confirm its authenticity.

Confirmed Confidentiality
An expert 3-person Unix administrator support team, under strict individual NDA, has administrative access to your server. Written permission is required before our support team will view or examine any files in your PROJECTFUSION instance.