Security is one of the most important aspects of using Usage Engine. This document outlines some of the basic security considerations that should be upheld when using the service. Security defines several areas of interacting with data that are important in a given aspect:
- Protection from unauthorized access
- Handling of user data
- Ensuring that technical specifications and guidelines are met
Usage Engine is designed to incorporate security considerations into all stages of development and operation of the product. All of the implemented designs and features are created with compliance in mind. Usage Engine is certified according to Information security is a fundamental aspect integrated across every stage of Usage Engine's software development and operational processes. Digital Route follows stringent security practices, which are rooted in the Open Web Application Security Project (OWASP) Top 10 project. To validate compliance with the OWASP Top 10 objectives, routine penetration testing is conducted by external and independent vendors. By adhering to these practices, Usage Engine attains industry-leading standards and practices, aiming to provide the highest level of protection. Usage Engine meets ensuring the utmost protection and meeting all enterprise security requirements.
For more information visit the Security and Compliance page.
- Rules – These are mandatory actions that need to be followed to run the service as intended. Many of them are implemented directly via technical specifications and certifications.
- Recommendations – These are best practices that are not mandatory, but are considered practical in maintaining a secure environment.
Vulnerabilities in the software undergo a triage process, where they are evaluated and prioritised based on severity and potential impact. This enables the implementation of targeted mitigation strategies to address the most critical vulnerabilities promptly, ensuring a strong security posture and protection against potential threats.
Usage Engine is a highly configurable service that can support various business models and processes. Data privacy requirements are to be fulfilled by configuring system interfaces, data structures, and relevant security settings.