Versions Compared

Old Version 14

changes.mady.by.user Emil Eriksson

Saved on

compared with

New Version 15

changes.mady.by.user Yaad Karim

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

Security is one of the most important aspects of using Usage Engine. This document outlines some of the basic security considerations that should be upheld when using the service. Security defines several areas of interacting with data that are important in a given aspect:

  • Protection from unauthorized access
  • Handling of user data
  • Ensuring that technical specifications and guidelines are met

Usage Engine is designed to incorporate security considerations into all stages of development and operation of the product. All of the implemented designs and features are created with compliance in mind. Usage Engine is certified according to Information security is a fundamental aspect integrated across every stage of Usage Engine's software development and operational processes. Digital Route follows stringent security practices, which are rooted in the Open Web Application Security Project (OWASP) Top 10 project. To validate compliance with the OWASP Top 10 objectives, routine penetration testing is conducted by external and independent vendors. By adhering to these practices, Usage Engine attains industry-leading standards and practices, aiming to provide the highest level of protection. Usage Engine meets ensuring the utmost protection and meeting all enterprise security requirements. 

Info

For more information visit the Security and Compliance page.

...

  • Rules – These are mandatory actions that need to be followed to run the service as intended. Many of them are implemented directly via technical specifications and certifications.
  • Recommendations – These are best practices that are not mandatory, but are considered practical in maintaining a secure environment.

Vulnerabilities in the software undergo a triage process, where they are evaluated and prioritised based on severity and potential impact. This enables the implementation of targeted mitigation strategies to address the most critical vulnerabilities promptly, ensuring a strong security posture and protection against potential threats.

Privacy 

Usage Engine is a highly configurable service that can support various business models and processes. Data privacy requirements are to be fulfilled by configuring system interfaces, data structures, and relevant security settings.

...