Security and compliance

Overview

We know that your data, covering your risks, compliance, health and safety, internal audits and incidents, is extremely important to you and your business, and we take protecting it seriously. That is why all our communications are secured using HTTPS and your data is encrypted at rest.

Our infrastructure uses trusted providers that are aligned to security best practices, ensuring data is protected at all times and accessible only to the people you choose. Our data centers use the latest cloud technologies, providing a highly scalable and resilient platform that enables customers to access their data when they need it.

Protection

Protecht encrypts all communication between customers and our data centers through strong encryption. All login and post-login web pages in Protecht are served over TLS, a successor to SSL. We encrypt all data at rest using AES-256 encryption. Protecht protects its system infrastructure by using dedicated firewall and network services to block unauthorized system access.

Tight access control systems are enforced. Protecht employees are not able to access customer data unless specifically required to do so for support reasons.

Compliance

ISO 27001

Protecht is ISO 27001 certified. ISO 27001 is an information security standard published by the International Organization for Standardization, the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). This certification was issued by an independent and accredited certification body based on successful completion of a formal audit process.

EU-GDPR

Protecht complies with the General Data Protection Regulation regarding processing of personal data of people in the European Union.

UK-GDPR

Protecht complies with the General Data Protection Regulation regarding processing of personal data of people in the United Kingdom.

ERM security features

Single Sign-On (SSO) support

SSO solutions such as Active Directory Federation Services (ADFS) via SAML are supported. Other SAML-compliant providers are also supported, including Google (SAML), Okta, Azure, and Vanguard.

Two-factor authentication

In Protecht.ERM, you can turn on two-factor authentication so that users must provide two forms of identity verification to access the system. This feature is available out of the box and can be enabled from the user interface.

For clients who have Single-Sign-On (SSO) enabled, two-factor authentication can be enabled from the client's Identity Provider server that provides the SSO authentication.

IP restrictions

Clients can request that access to their site be restricted to designated IP addresses or IP ranges.

Encryption of data at rest

Databases and backups are encrypted at rest using the AES-256 cipher.

Encryption of data in transit

Data in transit is protected by HTTPS (SSL) encryption. SSL versions and ciphers are limited to only those known to be secure. Currently, TLS 1.2 is the only supported protocol.

Separation of system and network environments

System and network environments are logically separated using VLANs.

Hardening of virtual images

All servers and virtual machines are hardened using the CIS Framework.

File integrity, intrusion detection, and intrusion prevention

Host-based intrusion detection (HIDS) and host-based intrusion prevention (HIPS) are in place on all servers. The intrusion detection system monitors abnormal traffic patterns, while intrusion prevention works to stop malicious attacks. These components provide zero-day protection against a large number of threats, such as worms, Trojans, spyware, key loggers and malware, preventing them from penetrating the network or spreading from already infected users.

Logging and activity history

The platform has comprehensive security logging and reporting capabilities. Clients can access these logs for monitoring purposes and to identify any system misuse.

  • History against each item – The platform maintains an audit trail of actions against each record.
  • Audit log – The platform has an Audit Log for tracking access and use of the system. The Audit Log is not exposed for reporting purposes by users. (Protecht does, however, make the Audit Log available to clients via a request to the Support Desk if required.)

Resilience

Protecht maintains a business continuity plan and a disaster recovery plan as part of the ISO 27001 certification. Protecht's SaaS products operate 24 x 7, regardless of time zone differences, providing a standard SLA of 99.5% availability.

Penetration testing

Protecht takes security very seriously and proactively monitors and tests its network, data centre infrastructure, and application. We conduct ongoing security reviews and under special circumstances we work closely with customers to conduct their own scheduled tests as well.

Penetration testing and vulnerability management

External penetration testing is performed annually (or on significant changes to the infrastructure or application) and covers infrastructure and the application level. Penetration testing is also performed as part of the release process for each major release of the application.

Customer penetration and vulnerability testing

Clients or prospective clients can arrange for penetration testing. However, there are some limitations to ensure that other clients are not impacted. Protecht is also obligated to seek permission from the hosting provider before any penetration testing is performed. Additional testing can be organised through the support desk.

Responsible vulnerability disclosure policy

We are open to engaging with the security community. Our security vulnerability disclosure policy allows you to responsibly share your findings with us.

If you think you have identified a security vulnerability in one of our products, infrastructure, or service, report it to us as quickly as possible.

Our policy doesn't authorize you to conduct security testing against Protecht. If you think a security vulnerability exists, please report it to us. We can test and verify it.

Find out more about our responsible vulnerability disclosure policy and report a security vulnerability

© 2023 Protecht Group
77 New Cavendish Street, The Harley Building, London W1W 6XB, UK
Phone +44 20 3978 1360 | Email info@protechtgroup.com
