WebProof is security certified

How secure is your Document Proofing Process?

Is it too much to say that we live in an insecure world? And when we say the world, we mean both the real and cyber worlds. We especially mean the digital world where most of our business activities take place. This just couldn’t be more true when it comes to the document proofing process. You’re extremely vulnerable when proofing your documents.

Why?

Because you’re maybe doing it the old, and definitely outdated, email way. From a security point of view, this is a living nightmare. All of your files are scattered around while you’re desperately trying to keep track of the thousands of emails used for document proofing. Can you make sure that all of these emails have the desirable security options? Can you make sure that private email addresses aren’t being used? Of course you can’t. And this is exactly what the cyber predators and hackers are expecting to find. Is there a solution?

Document proofing in a safe and secure environment

WebProof is an online document collaboration and proofing platform that treats potential security concerns as its top priority. When it comes to the safety of WebProof’s clients, there’s no room for mistakes or any kind of compromises. Additionally, you should be aware that WebProof is one of the very few SaaS (Software-as-a-Service) companies that has obtained the prestigious ISO 27001 Security Certification. To give additional weight to this remarkable achievement, both WebProof’s Software and Cloud Hosting got this ISO 27001 certification.

Download ISO 27001 certificate of WebProof

There you have it

With the ISO 27001 Security Certification, WebProof gives you the best security guarantee you could possibly wish for. In case you have been wondering how secure WebProof itself is as a company, we took care of that, too. Regarding its economic rating and financial stability, WebProof is a proud AAA verification holder. Less than 2% of all companies have managed to get that. So it’s really something! What does this mean for you and your document proofing? Well, first of all, ISO 27001 Security Certification gives you much-needed peace of mind when it comes to top-class bulletproof security. Secondly, you can use our proofing services and tools with no fear that they might become unavailable at a certain point as a result of financial troubles or economic instability.

Top security standards for top clients

If you want to find out more about ISO 27001 Security Certification, feel free to Google it or contact our support team. You can see for yourself how difficult and complex it is to obtain this kind of certification in the first place. At the same time, you’re going to appreciate an opportunity to proof your documents without having to worry about compromising your sensitive corporate information and exposing your documents to security vulnerabilities.

How does ADOBE look at SaaS security?

Nowadays, more than 94% of all companies are strongly dependent on SaaS. Furthermore, according to the findings of the Info-Tech Research Group, the overwhelming majority of IT managers put more faith in the SaaS security than in their own security solutions and resources. Being an Adobe partner, WebProof closely follows all security trends and validates the trustworthiness of the SaaS security on a daily basis. Here’s the SaaS Security Report issued by the Info-Tech Research Group, so you can get a closer look. Adobe strongly encourages its partners to acquire Security Certifications and apply the highest SaaS Security Standards. WebProof will remain faithful to its policy of applying only the most prestigious and trustworthy certifications available in the industry. We will make sure that your document proofing is always efficient, economic, and above all – secure!

What is an ISO 27001 - Information Security Management certification?

An Information Security Management System is a systematic and proactive approach to effectively manage any risks to the security of the company’s confidential information. The system promotes efficient management of sensitive corporate information, identifying vulnerabilities to ensure that the information is adequately protected against potential threats. It encompasses premises security, people, process, and IT systems, and this reassures you that WebProof maintains its own integrity in regards to the safeguarding of its data. WebProof's ISO 27001 Certificate can be downloaded here: WebProof ISO 27001 certificate

The ISO/IEC 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details, or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS).

What is an ISMS?

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes, and IT systems by applying a risk management process. It can help small, medium, and large businesses in any sector keep information assets secure. You can preview the freely available sections of ISO/IEC 27001:2013 on Online Browsing Platform. To purchase the standard, please visit the ISO Store. Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not obligatory. Some organizations choose to implement the standard to benefit from the best practice that it contains while others decide they also want to become certified to reassure customers and clients that its recommendations have been followed. ISO does not perform certification.


Read more about certification to ISO’s management system standards.

WebProof's use of Amazon is based on their Cloud security

Years back, WebProof moved more than 100 million files from its own server park to the Amazon Cloud, not based on economic savings but, on the contrary, based on higher security in all aspects, including load balancing and clustering. WebProof uses Amazon Web Services (AWS) as our Cloud center because it's the world's most secure hosting partner. Because it is based in Ireland, this hosting center follows the EU data protection requirements as well. Additionally, AWS is ISO 27001 Information Security Management-certified.

Amazon 27001 Compliance description

ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27001 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS), which defines how AWS perpetually manages security in a holistic, comprehensive manner. This widely-recognized international security standard specifies that entities:

  • Systematically evaluate all information security risks, taking into account the impact of company threats and vulnerabilities
  • Design and implement a comprehensive suite of information security controls and other forms of risk management to address company and architecture security risks
  • Adopt an overarching management process to ensure that the information security controls meet our information security needs on an ongoing basis

AWS’ implementation of and alignment with ISO 27001, 27017, and 27018 demonstrates a commitment to information security at every level of the organization. AWS is assessed by an independent third-party auditor to validate alignment with the ISO 27001 standard. Compliance with these internationally-recognized standards and codes of practice is evidence that the AWS security program is comprehensive and in accordance with industry-leading best practices.

The AWS ISO 27001 certification can be downloaded here.

WebProof security elements and keywords to secure your data.

Security can roughly be divided into: Cloud hosting center security; application security; user security; development/debug and production security; development environment; and WebProof organization security. All areas are equally important, since nothing is stronger than its weakest link. Therefore, ISO 27001 is important because it is a secure way to keep the Information Security Information up to date. Everybody in our organization is involved in the ISO 27001 Information Management System. Both the WebProof software and our organization work in accordance with the LEAN theory, where ISO 27001 is a natural extension based on two of the rules – systematic follow-up, improve, follow-up, improve, etc. We will not document all the details involved to secure your data, but here are some of the answers to the typical FAQ we meet (see next page).

Download the security report

Typical FAQ

  • Cloud Hosting – we use Amazon Web Services, which provides the highest possible security in the world. It complies with EU data protection protocols, and AWS is both ISO 27001 and ISO 9001 certified. The datacenter fulfils all of the most widely used standards and security protocols in the world. Amazon Ireland is our data center. By using AWS, you will never meet speed limits or possible breakdowns in Internet connections, as they have multiple Cloud locations and telecom providers. Please see more Amazon details below, and make sure to visit Amazon Web Services to see even more information.
  • The server park has security concerns: mirroring, clustering, firewall-security, etc.
  • No servers share a master password.
  • There is a fully redundant setup with no single-point of failure in hardware or network setup.
  • Client data and databases are separated on the server level. So, no mix-up is possible, not even if a human error should occur.
  • The Disaster Recovery Plan is fast and easy. It is based on our clustering setup between physically separated servers which act as an instant backup.
  • WebProof supports HTTPS, FTP-S, TLS, etc.
  • WebProof runs, as a minimum, a quarterly full security penetration scan, done by third parties.
  • WebProof is 100% web-based. You just need a browser. No Java, no plug-ins, no add-ons and not even Flash!
  • WebProof has an advanced permission and rights management solution, with the result that only the correct user can get access to the correct version.
  • Clients can lock visible access to specific pages in a project. This is typically used for account pages in Annual Reports for companies on the Stock Exchange or for pre-release info.
  • Protected against the PDF worm virus (users always only open a JPG and don’t have to download the PDF).
  • Data can be restored for one week back. If you delete a project by mistake, we can restore right away.
  • In WebProof it is possible to keep history/save data in archives for as long as you want.
  • The uptime guarantee is 99.9% over a 3-month period, which is less than 5 minutes downtime per 24 hours. If this guarantee, contrary to expectation, should be exceeded, then you will get a refund for the missing time.
  • Planned software and hardware maintenance is always scheduled to take place at the weekend, at a time where statistics show little traffic, to ensure minimum customer disruption.
  • Inside our firewalls, systems are secured by network address translation, IP addressing, etc.
  • Password is encrypted and hashed and cannot be seen by anybody, not even the WebProof organization.
  • You can sign up for a 2048 bit SSL certificate.
  • User password security set-up can be adjusted by the client WebProof administrator, but as a minimum it requires a username and a 5 character password, which are saved as an MD5 salted hash – this means neither WebProof nor others will be able to decrypt it. Only when the user knows the right username and password will they be able to log in.
  • All user data is logged, including IP, etc.
  • If wanted, we will include an SMS code as an extended password solution when users log in and when special status codes are used (this could be APPROVED). This is to follow the American CFR Part 11, which is a similar security certification to ISO 27001.
  • All client info in WebProof summary can be exported as XML data. Also, management reports of all activities can be delivered directly or for sorting purposes.
  • The security of our system has already been approved by our large customers' IT departments from LEGO, COOP, ICA, and other large well-known brands.
  • WebProof's many developers are located in different countries, providing highly skilled development resources which very few people have worldwide, and it’s why we go for the knowledge and not the location. Outsourced developers have limited access to development servers in the headquarters. They never have access to customer data.
  • WebProof's own developers are in our HQ. They put together all functionalities into WebProof and make sure it complies with WebProof standards. WebProof always owns, and has full control of, the source code of the bits and pieces developed. Only 3 people at WebProof HQ have access to customer production systems, and only when you have allowed this and given them access. No one at all can get logical access to customer data, unless username/password is provided by the customer. Passwords are never stored in plain text and only stored as salted hashed editions, making it impossible to decrypt.
  • Development of WebProof software is done in a separate physical location from the hosting centre. The two locations are completely independent of each other.
  • When an update is ready in its development location, the debug environment at the hosting location is updated. The debug location is based on the same setup as the production location but still separate from production in case any problems should occur.
  • When the update has been tested as OK on debug, it’s moved to production on one or more live systems.
  • Each live system in production has its own private container for data, database, and web. This means an update can be applied to only a few systems for real-life testing without affecting other live systems. Once the update has been running stable for some time, it’s applied to all live systems. The amount of time running in isolated production is dependent on the complexity of the update.
  • A small bugfix only needs a few hours to test but larger updates may need up to several weeks of testing. Instant rollback is always possible to do in case the update gives unwanted effects.
  • All who work for WebProof sign a strict NDA and accept high requirements for identification and verification.
  • We use multi-factor authentication (MFA) which means that we can only access the system with a username, a strong password, and a personal one-time code, which changes every minute.

Copyright WebProof A/S