Security
Security by design
We take a security-by-design approach to protecting your data and have built our platform using best practices for highly available, scalable, and secure cloud applications.
Our systems are hosted on Oracle Cloud Infrastructure and benefit from enterprise-grade security using best-in-class components and high levels of automated threat detection, response and patching.
https://www.oracle.com/a/ocom/docs/oracle-cloud-infrastructure-security-architecture.pd

Data Encryption
- Traffic is encrypted using TLS 1.3 with a modern cipher suite, supporting TLS 1.2 at minimum.
- Personally Identifiable Information (PII) is encrypted at rest across our infrastructure using AES-256 or better.
- Credentials are hashed and salted using a modern hash function.
- Access to data is controlled by a triple lock of User, Company and project. If this checksum fails for any reason the user will be logged out of the system.

Physical Security
PortfoliON is a cloud-based company, with no part of our infrastructure retained on-premise.

PortfoliON Web SaaS services are hosted, in their entirety, on Oracle Cloud Infrastructure (OCI).

General Data Protection Regulation (GDPR)
PortfoliON adheres to GDPR standards and is registered within the EU with relevant Data Authorities.
PortfoliON customers who are data controllers can download and export all files and projects at any point in time. Your projects stay as accessible as you want them to be and under your control with administrative settings to ensure conformity and access when you need it.

Security Awareness and Training
PortfoliON understands that its security is dependent on its employees and subcontractors. Therefore, all our employees undergo information security awareness training during onboarding.

Additionally, all employees must sign our Acceptable Use Policy along with non-disclosure agreements.

Access Control
We know the data you upload to PortfoliON is private and confidential. We regularly conduct user access reviews to ensure appropriate permissions are in place, in accordance with the least privilege principle.
Employees will not access your data unless you invite them to do so as part of a service delivery request or incident.
Employees have their access rights promptly modified upon change in employment.