TAG LINE
TAG LINE
SMALL TITLE

Security

Last Updated: Tue Nov 30 2021

A Billing Platform processes and stores sensitive data. Businesses expect that the data is treated in a secure manner with applicable levels of governance. Security is a critical and important component of the LogiSense offering. LogiSense provides a layered approach to security starting with strong password and account management. The LogiSense Billing portal can only be accessed via the secure HTTPS based protocol. Strict role based policies ensure that only authorized users can access sensitive customer data and logs. In addition to this, applicable governance and privacy regulatory requirements such as GDPR are met.

Layered Security

LogiSense uses a layered approach for Security by combining various methodologies to achieve the highest level of security without unduly impacting the user experience.

Layer

Description

Password Management

This encompasses the creation and enforcing of strong passwords, failed logon limits, password history, and account lockouts.

Role Based Permissions

Granular permissions can be configured through the admin portal which define applicable access control rights for login users

Authentication of User Traffic

Encrypt (via SSL) and authenticate user traffic between the client browser and the web server hosting the Admin Portal. Prevent username and passwords from being sent in plain text across the internet.

Firewall Protection

Require all LogiSense system administration staff to VPN and authenticate with the network prior to accessing any parts of the infrastructure.

Hosting Security

LogiSense infrastructure is hosted on the Amazon Web Services (AWS) hosting environment. The LogiSense hosting environment is SSAE16 and ISO/IEC 27001 compliant and offers extensive protection of data, guards against service interruptions along with LogiSense’s SOC 1 Type II certification.

Aspect

Description

Monitoring

Continual intrusion detection monitoring performed on infrastructure

Architecture

Deployment architecture is provided in a segregated environment with layered physical security and authentication between each zone.

Backups

All off-site database backups are encrypted

Vulnerability

Monthly vulnerability scans are performed on infrastructure

Penetration Testing

External and Internal Penetration Tests performed by 3rd party

Training

Annual company wide security training and annual developer training in secure coding.

PCI DSS

LogiSense maintains a PCI Level 1 compliance ensuring all system requirements, processes and procedures meet PCI requirements for credit card processing

API Security

LogiSense provides REST API support for integration into CRM, self-care and other enterprise applications that require interface capability with back office systems. The REST API supports SSL based authentication. The API transactions require role based tokenized authentication and unauthorized access via the API will result in exceptions.

Passwords and Encryption

Encryption is performed where necessary in the platform to ensure that sensitive information is protected. Multiple options are provided for password security in the Admin Portal. Password parameters such as minimum password length and rules can be configured on a per role basis. Mechanisms are provided via the admin portal to reset passwords where necessary: for example, if a password times out or expires.

LogiSense supports a client server architecture where the client web portal communicates with the backend server over the network. To ensure that the communications between client and server is authenticated and to support the privacy and integrity of the exchanged data, LogiSense enforces the HTTPS communications. HTTPS provides bidirectional encryption of communications between the LogiSense portal and Amazon hosted server, which protects against eavesdropping and tampering.

Logging

Activity from all users is logged without exceptions. All logging is done locally and stored in the database. Logs cannot be deleted without having the requisite permissions. This prevents inadvertent tampering since access to the database is restricted to qualified personnel only. All API calls are logged with complete visibility into the call request details and responses. This ensures that a complete audit trail of all operations in the system is retained and available for audit at a later time.