Delivering Software You Can Trust With A Safe, Secure Infrastructure
The Hub is securely hosted on the Google Cloud Platform, with data stored in UK-based datacentres. There's zero maintenance and no impact on your local IT, with Google servers providing your intranet with unlimited data storage, The Hub offers a SaaS solution that's quick to implement and adheres to the highest levels of security.
ISO 27001 CERTIFIED
Pancentric is proud to be ISO 27001:2013 certified, and our Hub intranet product is fully compliant with ISO's Information Security Management. Our impeccable security processes and robust infrastructure ensures your Hub's data is secure.
ADDITIONAL INFRASTRUCTURE SECURITY
Separate development, testing and live environments, with dedicated virtual servers and segregated networks.
Servers are secured behind 'default deny' firewall rules and locked down to prevent any unauthorized access.
All servers are hardened in line with standard industry practices.
24x7 monitoring and protection from our dedicated server management team.
Nightly backups which can be restored at short notice.
Intrusion Detection Systems are installed using Deep Packet Inspection to identify, and stop external attacks.
Servers are regularly patched against known security vulnerabilities. These patches are tested prior to use on staging environments which ensures that they do not adversely impact production environments.
The Hub runs on Kubernetes, an open-source platform which enables automated deployment, infinite scaling and effortless management of the application. Employing Kubernetes ensures your Hub's environment grows with you.
Bootstrap is the world's most popular open-source framework for building fully responsive, mobile-first platforms. Utilising Bootstrap to standardise the Hub's front-end ensures a responsive design that's well supported across browsers and devices.
All form and URL inputs are sanitised to protect the integrity of the Hub and to protect against SQL injection (SQLi), Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and other types of attack.
The Hub only runs over SSL and cannot be embedded into other systems.
The 'IP Address' module on the Hub can be configured to allow general access and use of single sign-on (SSO) to be locked down to single or multiple IP addresses and ranges.
All client data is encrypted on the Google Cloud Platform when at rest
When in transit, all data between the Hub and your network is protected with encryption using HTTPS and TSL.
Uploaded files are immediately scanned for viruses, any potentially compromising files are deleted, and our incident response team are alerted.
Audit logs of user activity are kept on all core databases tables, and can be accessed (based on user permission) in real-time from within the Hub's Reports.
The Hub utilises Google 2-Step Verification which can be manually turned on within your Hub settings, providing an extra layer of security when logging in by requiring an additional security passcode. The Hub is compatible with standard two-factor authentication apps such as Google Authenticator and Duo Mobile.
Instead of setting up a dedicated Hub username and password, Single Sign On (SSO) allows you to opt-in and authenticate using your own existing systems and login information; including Azure AD, Google, Facebook, Microsoft Office 365 or OKTA.
Each module and feature within the Hub has its own set of permissions which govern access, editing and management rights, allow you to create custom access levels or 'User Types' for specific users or groups.
Permissions to each module and feature are checked at run-time, making any permission changes instant instead of relying on users logging out in order for role changes to take effect.
Hub Search results only display pages and files based on the current users viewing permissions.
CONTENT MODERATION & APPROVAL PROCESS
Content publication on the Hub can be configured to allow for dedicated Viewers, Editors, Approvers and Owners of those pages, enabling you to restrict access and editing permissions by user, group or community.
News articles within the Hub have a structured approval process whereby Editors must request approval from an Approver or Owner of that News Category in order to publish content.
The Hub can be configured to automatically log users out after a set period of inactivity (which you determine).
CUSTOM PASSWORD POLICY
Configurable password policy: minimum length, strength, expiry, re-use and browser auto-complete rules are all customisable within the Hub.
Passwords are encrypted using one-way hashes and separate salt for each client. Common passwords are rejected.
Accounts are temporarily locked out after three consecutive failed logins.
All login attempts are logged in the database and can be reviewed via User Activity and LogIn Reports.
If a user resets their password, then any other logins within that user's credentials are immediately invalidated.
Pancentric performs Enhanced DBS (Disclosure and Barring Services) background checks on all employees, covering complete criminal history, as well as five year address and employment history, and education verification.
All Hub development is carried out in-house at our London office, and we do not share any client data with third parties.
ISO 27001 COMPLIANT
Pancentric achieved zero non-conformities in its ISO 27001:2013 certification, demonstrating exceptional monitoring, controls and support processes to ensure robust and secure information management.
Our ISO 27001 compliant security policies are regularly reviewed and externally audited, and cover device management, code reviews, change management, incident response, disaster recovery, acceptable use, etc.
Pancentric is Security Governance certified to ISO/IEC 27001, with a dedicated Information Security Steering Group responsible for policy changes and approvals.
CONTROLLED DATA ACCESS
Pancentric's access to client data is strictly controlled and only available to authorised personnel.