ProjectProgress Security Taken Seriously

ProjectProgress provides cutting edge security to ensure that your project data is never compromised. We devote significant resource to continually develop our security infrastructure because we know that security is crucial to our customers.

Physical Security

The ProjectProgress production servers are hosted in the TeleHouse data centre in London’s Docklands. The data centre has the highest levels of physical security that would be expected of a Tier 1, BS7799 approved, ISP data centre including: monitored access to the data centre,and PIN to access ProjectProgress’s suite,locked cabinets, and recorded surveillance at every step of the way.

Perimeter Defences

The Telehouse network is fully fault-tolerant with access to the internet controlled by multiple providers, each having multiple connections to the building. There are redundant paths from each of these connections through multiple network routers,firewalls, and switches to the actual servers. ProjectProgress servers are isolated using a secure switched network.

User Authentication

Users are only allowed to access ProjectProgress after logging in with a valid username and password combination. Authentication is performed using the secure ProjectProgress registry.

User Registration

User registration is processed by the ProjectProgress web services platform. This provides a secure, online, registry for web applications to which users need only register once. Personal details are held, securely encrypted, in ProjectProgress and managed there by the user.

Application Security

ProjectProgress implements an extensive permissions architecture that governs the access rights of user accounts to projects. From visibility of projects, through access to risk and issues logs, to administrative rights. User accounts do not see any content from a project without being given appropriate rights by an administrator for that project.

Internal Systems Security

Within the firewall, ProjectProgress production systems are safeguarded using secure LANs, Network Address Translation and port redirection.

Operating System Security

ProjectProgress enforce tight control of production systems. Access is restricted and all systems are protected with strong passwords. All operating systems are maintained at the manufacturers recommended patch level and all security updates are applied immediately. Systems are hardened and regularly audited.

Database Security

Database access is strictly controlled at the operating system and database connection levels. Access to production databases is restricted to a limited number of points and production databases do not share a master password.

Server Management Security

All data entered into ProjectProgress by a customer is owned by that customer.

Reliability and Backup

All ProjectProgress servers are managed in a redundant configuration. Customer data is stored in a database cluster backed by RAID disks and automatically backed up to a tape library which is replicated to secure, fire resistant, off-site storage.