Hosting of our Platform is provided by Amazon Web Services (AWS), which holds, among others, the following certifications:
• ISO 9001:2015 (Quality Management)
• ISO 27001:2013 (Security Management)
• ISO 27017:2015 (Cloud-Specific Security Controls)
• ISO 27018:2014 (Personally Identifiable Data Protection)
• Cloud Security Alliance - CSA STAR Level 2 (Cloud Service Provider Security)
AWS is audited twice a year, each audit covering a 6-month period, to attest that AWS meets the criteria of its security programs under SOC 2 Type II auditing procedures.
AWS datacenters are built to the highest standards with fully redundant power and cooling and strict access controls in place to ensure a very secure environment.
Data is stored in the following AWS regions, depending on your hosting needs:
• EU-WEST-1 (Dublin, Ireland) for our European platform
• AP-SOUTHEAST-1 (Singapore) for our Singapore platform
• AP-SOUTHEAST-2 (Sydney, Australia) for our Australian platform
Inquiries and questions regarding our hosting provider and their certifications can be addressed to firstname.lastname@example.org.
Scanmarket is responsible for the operation of the hosted services and has procedures in place for:
• 24x7x365 monitoring, maintenance and correction of hardware and software
• Continuous patching and fixes
• Hardening of servers, including monitored security suites
• Scaling of the solution to ensure performance
All data is backed up daily, with one weekly full backup and daily incremental backups. Database transaction log files are backed up every 15 minutes.
The retention period for backups is 60 days.
Backups are stored in two separate AWS accounts, with completely segregated access, for disaster recovery purposes.
Information Security Management System
Scanmarket runs an extensive Information Security Management System (ISMS) based on the structure of the internationally recognized ISO/IEC 27001:2013. The ISMS is subject to continuous, systematic review and improvement.
All data at rest is stored encrypted and all sensitive data is encrypted in the database. Each customer has their own unique encryption key which ensures one customer cannot access another customer’s data.
Data in transit is encrypted for all transactions. All encryption is performed using current industry standards.
Disaster Recovery Planning & Business Continuity Planning
We understand that the company data in our system is the lifeline to your business. We strategically plan and prepare for any disaster recovery situation that could potentially happen.
Restore is carried out every day. Our ambition is to have a complete restore effected within 2 hours.
In a Total Disaster Recovery scenario, our ambition is that the client can resume work on a normal system within 24 hours, with access to the data that was available at the latest scheduled backup prior to the catastrophic failure.
Quality Assurance and Security Testing
Before any change is made to the Scanmarket strategic sourcing platform, the complete change is verified by highly qualified Quality Assurance personnel, ensuring the highest possible stability and security in the application. The security testing includes, but is not limited to, testing against malicious requests and malicious input, including possible cross-site scripting attacks.
A yearly penetration test is performed by a qualified third-party, and any findings are corrected immediately. The latest summary is available to customers upon request.
All database access is performed through the ORM framework or a secure query engine, eliminating the risk of SQL injection attacks.
All requests are validated for correct rights before data is returned or modified.
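The two statements above (database access only through the ORM or a secure query engine, and a rights check on every request before data is returned or modified) describe two distinct controls. The example below is added here to illustrate both and is not Scanmarket's code; the schema, the caller structure and the role-to-rights table are constructed assumptions. The first search function builds SQL from a string and shows why an ORM's raw-query escape hatch must not be used that way; the second binds the filter as a parameter and takes the tenant scope from the authenticated caller rather than from the request, and the update path performs an explicit rights check before touching a row.

```python
import sqlite3

# Constructed sample data (not Scanmarket's schema): documents owned by two customers.
SAMPLE_DOCUMENTS = [
    (1, 1, "RFP 2024 - Logistics"),
    (2, 1, "Supplier shortlist"),
    (3, 2, "Confidential tender"),
]

# Assumed role model: which actions each role may perform on its own customer's data.
ROLE_RIGHTS = {"viewer": {"read"}, "editor": {"read", "update"}}


def build_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (id INTEGER PRIMARY KEY, customer_id INTEGER, title TEXT)"
    )
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", SAMPLE_DOCUMENTS)
    return conn


def search_titles_vulnerable(conn, customer_id, title_filter):
    """The 'before': the filter text is spliced into the statement, so a crafted
    value changes the query's logic instead of being matched as data."""
    sql = (
        "SELECT id, customer_id, title FROM documents "
        "WHERE customer_id = %d AND title LIKE '%s'" % (customer_id, title_filter)
    )
    return conn.execute(sql).fetchall()


def search_titles(conn, caller, title_filter):
    """The hardened form: the filter is bound as a parameter and never parsed as SQL,
    and the customer scope comes from the authenticated caller, not the request."""
    sql = "SELECT id, customer_id, title FROM documents WHERE customer_id = ? AND title LIKE ?"
    return conn.execute(sql, (caller["customer_id"], title_filter)).fetchall()


def authorize(caller, action, row):
    """Rights check applied before data is returned or modified: the row must belong
    to the caller's customer and the caller's role must grant the requested action."""
    if row is None:
        return False
    same_customer = row[1] == caller["customer_id"]
    allowed = action in ROLE_RIGHTS.get(caller["role"], set())
    return same_customer and allowed


def rename_document(conn, caller, document_id, new_title):
    """Modify a row only after the rights check passes; returns False when denied."""
    row = conn.execute(
        "SELECT id, customer_id, title FROM documents WHERE id = ?", (document_id,)
    ).fetchone()
    if not authorize(caller, "update", row):
        return False
    # The customer_id predicate is kept in the UPDATE as a second line of defence,
    # so the statement cannot touch another customer's row even if the check regresses.
    conn.execute(
        "UPDATE documents SET title = ? WHERE id = ? AND customer_id = ?",
        (new_title, document_id, caller["customer_id"]),
    )
    return True


if __name__ == "__main__":
    db = build_db()
    probe = "%' OR '1'='1"  # constructed input that alters the string-built query
    print("vulnerable:", search_titles_vulnerable(db, 1, probe))   # rows from both customers
    print("parameterised:", search_titles(db, {"customer_id": 1, "role": "viewer"}, probe))  # []
```

Running the module shows the string-built query returning every customer's rows for the probe input, while the parameterised query returns nothing because the same text is matched literally against titles. The rights check is deliberately a separate step from the query so that it can be unit-tested on its own and reused for every action the platform exposes.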
Scanmarket supports SAML 2.0-based Single Sign-On, allowing your organization to remain in control of the authentication process.
We also offer a regular username & password-based login with the ability to configure password requirements, such as length, complexity and age.
Protecting your data is a constant focus point. Therefore, our Software Development Life Cycle procedures include:
• Manual code reviews
• Automated code scanning
• Security training for developers (OWASP)
Scanmarket has a testing and a staging platform that is 100% disconnected from the live servers, so no customer data is available on the test setup. All new features are tested, first on the test server and then on the staging server, before they are released into production.