PPM Express Security Statement

Effective Date: November 19, 2018

 

At FluentPro, the parent company of PPM Express, we take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices. Our Privacy Policy further details the ways we handle your data. All customer data held in the PPM Express platform is protected by the strict security and administrative procedures detailed below.

Physical Security

The PPM Express platform runs on MongoDB Atlas, a database as a service built on top of Amazon Web Services (AWS) and hosted on AWS EC2 servers in SOC 1-3 tested and ISO 27001 certified data centers. AWS data centers are compliant with a number of physical security and information security standards; for compliance details, please refer to here.

 

Physical security of the web side is handled by Microsoft Azure, which is deployed in Microsoft regional data centers. Microsoft Azure meets a broad set of international as well as regional and industry-specific compliance standards, such as ISO 27001, FedRAMP, SOC 1 and SOC 2; for more compliance details, please refer to here.

User Authentication

Each user in PPM Express has a unique account and a username. We offer Microsoft Office 365 authentication, where a username must match the primary email address of the Microsoft Work account. Using Microsoft Office 365 authentication enables you to apply a password policy that corresponds to security and privacy requirements in your organization. There is no additional embedded password management in PPM Express, which means that we do not store any credentials of our customers and their users on our side.

Access Management

Access to production systems and data is restricted to appropriate personnel. We use a combination of technical and logical controls to limit and audit the personnel who access systems with sensitive data. Personnel access is established based on roles, the principle of least privilege, and multifactor authentication.

Data Isolation

For each PPM Express tenant, a separate database is created where only the data of that individual tenant is stored. The data of each PPM Express tenant is logically separated and cannot be influenced or accessed by other tenants.

Data Encryption

All customer data at rest and in transit is encrypted with FIPS 140-2 compliant encryption algorithms. All connections to our websites or services are protected by encrypted connections, such as the Transport Layer Security (TLS) protocol, version 1.2 and above.

Application Management

All development/test environments are separate from production environments, with access control in place to enforce separation. PPM Express production systems and data can only be accessed by authorized members of the FluentPro IT team. All test and development data are completely fabricated – created only for testing and development, which means that PPM Express development and test environments do not store any personal or sensitive customer data.

PPM Express Connectors

The PPM Express platform connects with independent vendor applications such as Microsoft Office 365 Planner, Atlassian JIRA and others, enabling integrated company-wide project and portfolio management. Security measures for the tools integrated with the PPM Express platform are established and maintained by the vendor. Any request for information related to the security of the integrated connectors should be addressed to the vendor. The data that is transferred from vendor applications to PPM Express is encrypted.

Disaster Recovery

FluentPro uses many capabilities of our database and cloud infrastructure providers to store data securely and prevent data loss in possible disaster scenarios. The data is geo-replicated, maintaining three copies of data, and automatically deployed across AWS availability zones for continuous application uptime in the event of outages and routine maintenance. The data is protected with continuous backups that allow restoring from stored snapshots or from a selected point in time within the last 24 hours. Backup data is protected using server-side encryption.

Compliance

We comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce and the European Commission. The framework provides FluentPro with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States. You can find more information about our commitment to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework in our Privacy Shield Policy. Our active participation in the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework can be viewed on their website located here.
