How We Secure Your Data
At ProLink Solutions, we take security very seriously. Our experience implementing solutions for clients ranging from Fortune 500 organizations, Housing Finance Agencies, syndicators, and developers, among other industries, has taught us that data security is priority number one to every organization, regardless of size.
Our commitment to data security acts as a compass towards every decision we make with all of our products, including Procorem.
With Procorem we strive to find the balance between usability and data security to ensure our clients receive the best of both worlds—secure data available anytime, anywhere. To achieve the type of security our clients expect, we have implemented a variety of security levels to deliver on this promise.
Data Encryption—Protecting Your Data
One of the most critical components of data security is how the data is protected once it is uploaded into the data warehouse. With Procorem security, we go above and beyond industry best practices ensuring your data is fully secure with multiple levels of redundancies. To protect your data we have implemented the following security protocols:
SSAE Compliance—The data warehouse, which stores all data on Procorem, complies with the Standards for Attestation Engagements (SSAE). This standard serves as the authoritative guidance for reporting on service organizations.
Individual File Encryption—Every file stored on Procorem is protected with an individual encryption to prevent unwanted access. We employ 32Byte 256Bit AES Encryption on each individual file stored in our data warehouse. By encrypting on the file level, we are adhering to industry best practices to deliver the strongest file protection to keep your information secure.
Unique File Naming—Every file stored on Procorem is given a unique identification number in the data warehouse. The unique file name removes any identifiable traits for the stored files. By removing all identifiable traits to the documents, would-be security attackers have no way to identify your data were they even able to retrieve the files.
Extensions Removed—At Procorem, we go one step further by removing the file extension. By ensuring the file type is not associated with the stored document in our data warehouse we further disassociate your data with any distinguishable traits to potential security breaches.
In-App Security – Controlling User Access
On top of data encryption, Procorem has a number of in-app security protocols to empower our users to control who has access to what information with the Procorem application itself. We continue to develop additional security features within the application to make sure interaction with data is both secure and flexible. Procorem provides the following in-app security features:
WorkCenter Security—Within the Procorem application, documents are stored under project-specific WorkCenters. WorkCenters can only be created by users with appropriate access and only the people you invite into the WorkCenter will have access to the information. By controlling security on the WorkCenter level, instead of within folders, we deliver higher levels of security in a more simplified manner.
Configurable Security Roles—Based on customer feedback, we have implemented configurable security roles for Procorem. These configurable security roles go one step further than standard WorkCenter Security by allowing Procorem administrators to create their own custom security roles for users. With these roles you can control what your users can and can’t do within the WorkCenter. For more on configurable security roles take a look at the WorkCenter Roles section of the Help Center.
Email Security—Procorem integrates directly with email to provide alerts and notifications to keep your team aware of important project activity. Procorem allows users to email WorkCenters directly from their native email account. Unauthorized email submissions are prevented by requiring approval before posting into Procorem.
ITS – Protecting the Gates
The ProLink Solutions team follows industry best practices to include both technical security as well as internal business process redundancies. We look to leading organizations such as CMMI to help direct our internal security best practices to fully protect access to our software.
SSL Secured—SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client. SSL allows sensitive data to be transmitted securely. Procorem employs SSL security for all data transfers.
Penetration Testing—Penetration testing is an automated attack on a computer system to identify security weaknesses. Procorem leverages automated penetration testing software to look for ways to exploit or gain access to the system. Procorem security tests if malicious code can be executed as well as looks to identify vulnerable ports which can be opened insecurely.
Procorem Infrastructure—The management of the Procorem infrastructure is tracked fully by an automated ticketing system. The ticketing systems alerts ProLink Solutions staff of any and all changes to the system through automated alerts to ensure all changes are intentional and approved.
Segregation of Roles—Only our IT staff can make changes to the production environment, while the development staff are the only ones intimately familiar with the product code. This segregation of access ensures that no one person can make unwanted changes, or have unwanted access, to our product environment.
Multi-factor Authentication—All of our production environments at ProLink Solutions are protected with multi-factor authentication. Server-level access in all of our production environments requires multi-factor authentication. With tokens constantly changing this provides an additional layer of authentication to ensure appropriate system access.
As enterprise organizations continue to embrace the value that cloud hosted technology brings to the table, security will continue to be a core part of the discussion. At ProLink, we value your feedback and would love to hear from you on your concerns and questions on data security.