Secure, more secure, most secure


Dear reader,

Perhaps you also see this in your own organisation. There is an increasing awareness that organisations are vulnerable when it comes to information security.

We are also aware that we must provide you, our customer, with secure online services. This is partly the reason that we as an organisation are busy obtaining the ISO 27001 certification for information security. This will let us give you even more assurance that your information and data are safe and secure with us. In the run-up to us obtaining our ISO certification, we immediately seized the opportunity to take a close look at our security measures, harmonise these further and upgrade these to the latest security standards.

 

What is secure and how can you be sure?

As a builder of a web application, you make every effort to provide a good, secure, stable service. However, unless this is checked and extensively tested by an outside party, this security will not extend beyond your own knowledge and experience. It’s like, say, butchers inspecting their own meat.

To make sure that there are no security gaps or other weaknesses in your systems, a “pen test” (short for penetration test) is carried out. During a pen test, an independent external party specialised in security issues tests your entire system and security measures and checks for any technical and/or security issues.

 

Pen test

At the request of one of our customers, such a pen test has now been carried out. Can we say we came out with a perfect score and nothing was found? No, but apart from a few suggestions for improvement (which we immediately addressed and implemented), we passed the test with flying colours.

For you as a customer, knowing that we ensure your privacy and that your data is always secure provides peace of mind. And for our development team, who worked so hard in recent months to implement a completely new security protocol, it is recognition of their high level of professionalism.

For the techies among you, here’s a summary of technical measures we have implemented:

  • The multiple security models and technologies previously in use have now been harmonised into one model for users and one model for third-party connections
  • Everything based on standards:
    • Users: OAuth2/OpenID Connect through an external Auth Provider
    • External: JSON Web Tokens
  • Customers who support OAuth2/OpenID Connect can connect through Single Sign-On with Sensus BPM Online and have their own system as Auth Provider
  • All non-SSO customers log in through Auth0, a third-party Auth Provider. We don’t reinvent the wheel, we leave it to the professionals
  • Auth0's business is log-in as a service, so it guarantees high quality and security and is fully up to date. Customer data is kept secure.
  • IP filter per licence possible on Sensus BPM Publisher and/or Sensus BPM Designer
  • Option for email filter per licence on the Sensus BPM Publisher and/or Sensus BPM Designer
  • The licensing structure ensures that people can’t access projects they don’t have authorisation to access
  • With the licensing structure the customer is assured they can use the features they paid for
  • The project rights structure ensures different levels of modification for the project

In other words – secure, more secure, most secure.

The Board,

Sensus process management
