Security & Compliance
proNova by TDE understands the security and safety of data is essential. As a company and service provider we have created the environment where clients can trust us to handle, store and keep their data protected, consequently we take Security and Compliance seriously.
Therefore, you can find information regarding to the following Security and Compliance topics:
- proNova Data Store
- Backup Strategy
- Advanced Network Protection
- Agile Development Process
- Release & Maintenance Lifecycle
- Federation-based Authentication
- Data Protection
- proNova Support
- Technological Partners
proNova Data Store
Data security is the most important thing for us, which we live strictly by the following rules:
- proNova takes care that your data is securely stored in a separate area of our data store that contains only data dedicated to you and which is separate from data of other entities.
- Only our proNova IT system administration and DB administration team has access to our productive server system, which is completely isolated from our development and test system.
Whenever you decide – for whatever reason – to leave proNova, you can request the complete deletion of all your data stored in our system. proNova also provides multiple ways to export your data in common file formats from our web-based application at any time.
We also support the programmatic API access to your data in our proNova data store via standardized web service calls.
proNova hosts its system in a redundant server environment with a high focus on backup processes:
- Full data backups are done daily and kept for at least 30 days.
- Backups of our virtual server environment are also done daily, which ensures a fast restore of the complete proNova system for disaster recovery reasons.
- Backups of our data and servers are stored in a secure location independent from the productive environment.
Advanced Network Protection
We have Cisco firewalls for protecting our world-wide company network in place:
- The next-generation Cisco firewalls which are used are kept up to date by our IT and network administration team on a regular basis.
- Enhanced security modules are enabled for the whole proNova network to protect our offices and data processing centers.
- The enhanced security modules cover: IPS (Intrusion Prevention System) and AMP (Advanced Malware Protection).
- All our firewalls are centrally administrated with a management tool.
- Our server and office branch networks are logically separated from each other in different segments.
- proNova keeps logs of all web application requests and can provide them for advanced user statistical analysis.
Agile Development Process
Our product development team for the proNova service abides by the rules of Scrum as a modern and agile development process with ...
- test-driven software development,
- pair programming,
- regular code reviews and
- continuous integration with application security testing tools.
The development team consists of software engineers, product owners and drilling engineers with multiple years of experience in this domain. All developments of the agile process must be approved by a product owner and before they are part of our productive releases, the new features are tested and confirmed by our separate release team.
Our agile teams use a project management tool for issue and task tracking.
Release & Maintenance Lifecycle
We have a well-defined release lifecycle in place, based on the iterations of the agile development process. Every four weeks the latest version of the proNova web application is deployed for all users. As part of this release and maintenance day (which occurs at least every four weeks) our proNova server infrastructure is updated to keep the complete system up to date and secure against any potential attacks.
We are using a deployment automation and management tool for the release of new proNova service versions.
Federation-based authentication is in place for user management, authentication and role-based access right assignment. We can offer you the setup of a trusted relationship between proNova and your organization for user authentication. This enables single sign-on for your users and allows you to keep the user management process completely in your hands.
Otherwise proNova can of course take care regarding the management of user access to our web-based analysis and reporting services by applying your organizational policies for your users in our user administration system.
We consider the privacy of your data and therefore we only require the minimum amount of personal information that is absolutely necessary to fulfill the purpose of your interaction with us. We only process personal data with your consent as part of our business relationship and we will never sell it to third parties.
We are compliant to the General Data Protection Regulation (GDPR) of the EU and comply with the EU-US Privacy Shield framework.
proNova provides support on multiple levels:
- 24/7 support line accessible via phone, e-mail and live chat.
- A central helpdesk software is used to effeciently track and process support tickets from all channels.
- Third-level development and IT support for any technical issues that are notified by our 24/7 support line in urgent cases.
- Any technical issues are tracked by our issue and task tracking tool.
As we are an independently owned company, our technological strategy is to cooperate with global and strong partners:
- Amazon AWS for server hosting (Compliance statement from Amazon: https://aws.amazon.com/compliance).
- Microsoft Office 365 for communication services (Office 365 Trust Center: https://products.office.com/en-us/business/office-365-trust-center-welcome).