Security, Trust, and Assurance
The security of personal, financial, and corporate data is of the highest importance to Planview and its customers, and Planview's ongoing commitment to the highest standards of security is its top priority. This is why some of the world's largest businesses and financial institutions entrust the storage and safety of their most sensitive data to Planview.
Projectplace has demonstrated a track record of high availability, with over 99.98 percent uptime since 2004.
- Locked-up network perimeter
- The network containing the Projectplace production servers (the service) is protected by redundant firewalls, intrusion detection systems and load balancers.
- World class security
- We use the most secure known Internet protocol, TLS 1.2, to encrypt data in transit. All files uploaded to Projectplace are also automatically encrypted when stored on our servers. We generate a unique key, using the AES-256 encryption algorithm, and save files anonymously so that they cannot be identified.
- Strong passwords and unique user names
- Each user in Projectplace is identified with a unique user name and authenticated in the system with a personal password. Specific password requirements, such as password length and complexity, can be implemented by the Project administrator.
- Role-based access control at folder level
- Access control can be implemented at the folder level in Projectplace to prevent or enable user groups to access, read and modify the contents of a folder within a project.
- Two-step verification
- With two-step verification, users' accounts are protected by both their password and their mobile. We encourage all Projectplace users to enable this extra layer of user login security.
- Integration with single sign-on (SSO)
- No need to remember multiple passwords
- Projectplace supports single sign-on (SSO) and utilizes SAML and Active Directory Federation Services for its enterprise clients.
- Physical and environmental measures
- The Projectplace production environments are currently hosted in Ohio, USA for our U.S./Latin America customers and in Stockholm, Sweden for all other worldwide customers. Projectplace uses ISO-27001 certified and SOC2/SSAE16 audited co-location facilities, which provide around-the-clock physical security and top-notch environmental protection. This includes comprehensive identification systems, automatic fire protection, redundant climate control and fail-over power supply.
- Protection against malware
- Projectplace provides file integrity monitoring and anti-virus software for all our critical systems commonly affected by malware.
- Audit logging, monitoring and traceability
- Projectplace enables comprehensive traceability by means of object history. All changes are logged and visible. Logging information is stored in a secure manner to prevent unauthorized changes.
- System status and performance
Since 2004, Projectplace has had an average uptime of 99.98%.
The availability of the Projectplace service and the uptime status are monitored by an independent third party (Pingdom) and published daily on the Projectplace website.
- Multi-layer redundancy
- The network infrastructure of each Projectplace instance (Ohio, USA & Stockholm, Sweden) is designed for complete redundancy and maximum availability. In the event of failure, all operation-critical equipment (including routers, firewalls, web, application and database servers, as well as storage and network arrays) is deployed and configured for seamless transition.
- Web acceleration using Akamai
- Thanks to collaboration with the Akamai content delivery service, one of the world’s leading distributed computing platforms, Projectplace is now even faster and more reliable.
- Disaster recovery and business contingency
- The Projectplace production system is run on a multi-site cluster at two geographically dispersed locations. All critical servers and applications are installed at both locations, which, in the event of a major disruption or disaster, ensures business continuity. If one of the locations fails, the second site is configured to take over all production tasks with minimal service disruptions and capacity loss.
- Backup and restoration
- Projectplace has put into effect multi-step mirroring and backup routines for the production databases and document storage systems. In the unlikely event of multiple server failure, the backup's sole purpose is to restore the entire production system.
A significant trust factor is derived from the focus on the integrity of client data. Project data stored in the Projectplace service is safeguarded against potential access from overseas legislation, such as the United States Patriot Act.
- Applicable legislation
- A significant competitive differentiator for Projectplace is its focus on the privacy and integrity of its client data, including protection from potential access by overseas legislation, such as the United States Patriot Act. Global systems are hosted in Stockholm, Sweden, while North American systems are hosted in Ohio, USA. Client data never leaves the Projectplace private cloud.
- Privacy statement
The only personal information that can be viewed by Projectplace support and sales staff is the user’s contact information – i.e. name, e-mail address, address, phone numbers and membership of projects. Projectplace does not share this information with anyone, nor does it sell or market this information to any third party.
The Projectplace privacy statement explains how the company gathers and disseminates user-related information.
- Cookie information
- Data retention and owners
All client files stored in Projectplace are owned solely by the user and can be downloaded at any time during the project's lifecycle.
Once a user has initiated the deletion of project data (by emptying a project's waste basket or terminating a project) all data is securely deleted within 30 days.
- Escrow and Exit Strategies
Projectplace has been a trusted service for cloud-based project management software since 1998. Some 850,000 users in over 160 countries use Projectplace every day with great success. Some of their stories can be read on the website.
Projectplace offers users the technical assurance that all project documents and plans can be downloaded for off-line retention.
Projectplace clients feel reassured, knowing their data is in good hands.
- ISO-certified service
- Projectplace has been awarded ISO-27001 certification, an international standard for information security. This includes proactive management of information security risks and controls. ISO-27001, a high-end certificate, guarantees that Projectplace has well-established information-security structures running throughout the organization – from top to bottom.
- Enterprise-ready service
- Skyhigh Networks performs objective and thorough evaluations of the enterprise-readiness of cloud services based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Services designated as Skyhigh Enterprise-Ready are the services receiving the highest CloudTrust™ Ratings, which fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.
- Cloud Security Alliance – STAR
The Security, Trust & Assurance Registry (STAR) of CSA is a publicly accessible registry that documents the security controls provided by various cloud computing offerings. This helps users assess the security of cloud providers they currently use or are considering. It is a simple yet powerful concept: cloud providers post self-assessments of their cloud services, CSA makes these assessments publicly available and cloud consumers use this data to make informed purchasing decisions.
Projectplace is proud to participate in this initiative and openly publishes information about its security controls.
- CSA cloud security alliance independent audits
Projectplace commits considerable resources to continually assessing security threats, as well as to developing the security functions of its infrastructure and system. The Projectplace infrastructure and application are subject to regular vulnerability scans (every quarter) and annual penetration tests, performed by independent third parties. These tests are also repeated after any significant changes to its environment.
Additionally, Projectplace entrusts external auditors to evaluate its information security practices and general IT controls.