SECURITY

Prevent, Detect, Respond, Remediate

Scopeworker has several measures to ensure the platform integrates and runs securely with our customer's systems landscapes. Scopeworker sits within AWS cloud servers and supports the securing of multiple tiers of infrastructure security.  

STRATEGIC SECURITY

Secure, high performing and efficient infrastructure

Image

Prevent

We define user permissions and identities, infrastructure protection and data protection measures.

Image

Detect

We enable visibility into security posture with logging and monitoring. Information can be scaled for event management, testing and auditing.

Image

Respond

Incident response and recovery is automated so that the primary focus of security shifts from response to root cause analysis.

Image

Remediate

We leverage event driven automation to quickly remediate and secure the cloud environment in near real-time.

PRIVACY

We are vigilant about our standards for privacy and data security

Utilizing the AWS cloud, Scopeworker is built on the most secure global infrastructure.  All data flow is automatically encrypted at physical and additional layers; for example, all VPC cross-region peering traffic, and customer or service-to-service TLS connections. We are able to easily encrypt customer data in transit and at rest to help ensure that only authorized users can access it, using keys managed by a Key Management System (KMS) or managing encryption keys with CloudHSM using FIPS 140-2 Level 3 validated HSMs. We also have the ability to automatically comply with national. regional and local data privacy laws and regulations. 

Security tiers
SECURITY TIERS

A holistic strategy for securing all tiers

We collaborate with security companies to identify vulnerabilities early to keep Scopeworker software secure and we adopt a  holistic strategy of securing all tiers:

Security on the technical layer of the information systems 
Security along business processes of the organization
Organizational security as part of an overall Governance, Risk, and Compliance (GRC) framework, including the enablement of staff and third parties