Security & Trust at PPM Express

We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices.

Security

We employ strict security measures at the organizational, application, and infrastructure levels to ensure the security of customer data and our systems. These include:

PPM Express services and data are hosted in SOC I-, SOC II- and ISO-accredited data centers
Access control (authentication and authorization, role-based access control models)
Single sign-on support
Two-factor authentication for server access
Strong data encryption in transit and at rest (FIPS 140-2 compliant encryption algorithms)
Data segregation
Continuous network and security monitoring
Remote working via a corporate VPN only
Vulnerability management on a monthly basis
Internal physical security (keycard access and biometrics, surveillance camera monitoring)
Information security aspects of Business Continuity Management (encrypted data backups, geo-redundant storage replication)
Product security features (access rights, login security, tenant deletion, etc.)

Reliability

Platform Availability

We make real-time and historical platform status completely transparent and notify all our customers about any incident and outage activities on our Status Page. We offer a 99.9% uptime commitment to our Enterprise customers.

Disaster Recovery

PPM Express uses many capabilities of our database and cloud infrastructure providers to store data securely and prevent data loss in possible disaster scenarios. These include daily continuous backups, regional backups, geo-replication of data across three Azure availability zones, encryption of backup data, recovery procedures, and a plan for restoring services. For more information, please see our Security and Privacy whitepaper or contact us for additional Security Documentation.

Privacy

We continuously evaluate requirements from various legislation (global and EU-originated) and build a strong privacy and security program to provide our customers with the assurance they need for the privacy and protection of their data.

Review our Privacy Policy to learn more about how we manage and protect our customers’ information. Please see our Security and Privacy whitepaper for more details about our privacy program.

GDPR

PPM Express has evaluated GDPR requirements and our current security and data privacy practices to ensure compliance with new regulations. To prepare for GDPR, we have undertaken research and made changes, both small and large. These include:

Documenting and maintaining an internal Information Security Policy that addresses various aspects of organizational and technical controls
Updating our Privacy Policy to account for GDPR provisions and to make it more transparent and easier to navigate. It also reflects improvements we have made to our security framework
Training employees on security and privacy practices, embedding Information Security Awareness training into the onboarding process, and signing NDAs with all employees
Providing data transfer mechanisms to legalize transfers of personal data outside of the European Economic Area
Providing all customers with a Data Processing Agreement at their request (please request our DPA by contacting us at legal@ppm.epress)
Enhancing data security measures to address requirements on data segregation, data retention, data encryption mechanisms, etc.
Providing configurable privacy and compliance features to our customers

PPM Express helps to make compliance with GDPR easier. Learn more about our commitments to comply with EU regulations in the PPM Express & GDPR whitepaper.

If you need more information about our security policy, guarantees, and infrastructure, please see our Security and Privacy whitepaper or contact us for detailed documentation.