PPM Express Security Statement

Effective Date: September 23, 2019

At PPM Express, we take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices. Our Privacy Policy also further details the ways we handle your data. All customer data held in PPM Express platform is protected by strict security and administrative procedures detailed below.

Physical Security

PPM Express platform is running on Mongo DB Atlas, a database as a service, which is built atop of Microsoft Azure and hosted in data centers managed and operated by Microsoft. Microsoft Azure meets a broad set of international as well as regional and industry-specific compliance standards, such as ISO 27001, FedRAMP, SOC 1 and SOC 2, for more compliance details please go here.

User Authentification

Each user in PPM Express has a unique account and a user name. We offer Microsoft Office 365 and Google authentication, where a user name must match the primary email address of the Work account. Using Microsoft Office 365 / Google authentication enables you to apply a password policy that corresponds to security and privacy requirements in your organization. There is no additional embedded password management in PPM Express, which means that we do not store any credentials of our customers and their users on our side.

Access Management

Access to production systems and data is restricted to appropriate personnel. We use a combination of technical and logical controls to limit and audit the personnel who access systems with sensitive data. Personnel access is established based on roles, the principle of least privilege, and multifactor authentication.

Data Isolation

For each PPM Express tenant a separate database is created where only the data of an individual tenant is stored. The data of each PPM Express tenant is logically separated and is not influenced or can be accessed by other tenants.

Data Encryption

All customer data at rest and in transit is encrypted with FIPS 140-2 compliant encryption algorithms. All connections to our websites or services are protected via the use of encrypted connections, such as the Transport Layer Security (TLS) protocol using TLS 1.2 and above protocol version.

Application Management

All development/ test environments are separate from production environments with access control in place to enforce separation. PPM Express production systems and data can only be accessed by authorized members of the PPM Express IT team. All test and development data are completely fabricated – created only for testing and development, which means that PPM Express development and test environments do not store any personal or sensitive customer data.

PPM Express Connectors

PPM Express platform connects with independent vendor applications such as Microsoft Office 365 Planner, Atlassian JIRA, Azure DevOps and others enabling the integrated company-wide project and portfolio management. Security measures for the tools integrated with PPM Express platform are established and maintained by the vendor. Any information related to the security of the integrated connectors should be addressed to the vendor. The data that is being transferred from vendor applications to PPM Express is encrypted.

Disaster Recovery

PPM Express utilizes many possibilities of our database and cloud infrastructure providers to store the data secure and prevent any data loss in case of possible disaster scenarios. The data is being geo-replicated, maintaining three copies of data, and automatically deployed across Azure availability zones for continuous application uptime in the event of outages and routine maintenance. The data is protected with continuous backups that allow to restore from stored snapshots or from a selected point in time within the last 24 hours. Backup data is protected using server-side encryption.

If you need more information about our security policy, guarantees, and infrastructure, welcome to contact us for detailed documentation.

Our Trial process is Fast and Simple as 1-2-3:

Step 01/
Discovery

Quick, 15-20 minutes call to understand your objectives, requirements, expectations.

Step 02/
Demo

Personalized, 60-minutes demo of PPM Express to show how it can support your use cases.

Step 03/
Trial / Pilot

30-day long, supervised FREE Trial / Pilot to experience PPM Express firsthand. + Free Onboarding

Request Trial
Scroll to top