Technology and security
The networked based cloud service is based on Microsoft’s products. Sopima’s service is implemented on Microsoft Windows Azure cloud service platform and its user interface takes advantage of the HTML5 -technology.
On an infrastructure level the security has been audited by our leading partners in the field. Sopima’s service is delivered from Microsoft’s top-security data center in Dublin, Ireland. Microsoft’s Dublin data center has got world class security measures and it is ISO/IEC 27001:2005 certified. For more information on Microsoft’s data center security click here. Check the videos found on the website as well.
Sopima’s functional and product development security has been audited by Nixu. They compared Sopima’s security to international standard such as ISO27001, COBIT and PCI DSS, Sopima’s product development uses the model of secure development which contains the following areas:
- Requirements and risk analysis
- Architecture analysis
- Use of best practices
- Checking for vulnerabilities
- Source code auditing and analysis
- Testing of security
Sopima’s service supports infrastructure and employee level security with the following measures:
- The contract attachments have been encrypted with AES 256. For example Sopima’s or Microsoft’s personnel cannot access the decrypted versions of contracts. So they cannot read their content.
- The service is used over a secure Internet connection (128 bit SSL). The server communication is certified by RapidSSL.
- With regard to contract information’s sensitivity the service offers the possibility to assign rights for different user groups. Virtual folders can be given access to one or more user groups.
- The service offers a ready made set of user groups and their default rights. These can be changed according to the organization’s requirements.