Information Security

Introduction

ShareBrief is committed to maintaining the security of information hosted and processed by us. Our information security policy and procedures are carefully designed to protect the security and confidentiality of all data residing within our software. The information security measures we put in place evolve regularly to keep pace with commercial best practice, and our security policies and procedures may accordingly be revised or updated from time to time in order to preserve the security and integrity of data residing under our control.

Cryptography

ShareBrief.com uses both Elliptic Curve Cryptography (ECC) and Secure Sockets Layer (SSL) certificates to ensure appropriate encryption of all data passed across the Internet between a user and a ShareBrief hosted software server. Elliptic Curve Cryptography has been endorsed by the US National Institute of Standards and Technology (NIST) in its Suite B set of recommended algorithms and is the same level of encryption approved by the US National Security Agency for protecting information classified up to Top Secret classification level.

Hosting

ShareBrief.com is hosted at data centres that are ISO 9001, ISO 27001 and HIPAA-certified for web hosting and information security management systems. Where requested, ShareBrief software may be licensed for installation at client premises behind private firewalls (where required by clients) in accordance with security specifications determined by clients.

Where we provide hosting services to our End-Users or on behalf of our resellers, the data centres we utilise will offer appropriate measures designed to ensure the security and accessibility of data. These measures will typically include, but not be limited to: the use of security cameras, biometric scanning and ID card authentication to secure access to physical services; multiple CAT diesel generators, HVAC cooling systems and early fire warning detection systems to protect against loss of data; and storage of data on multiple hard disks, such as in a RAID 1 or 2 array, to ensure that ShareBrief software continues running with no loss of data or performance in the event of a drive failure. In addition, all documents and data residing with ShareBrief software are backed up once every 24 hours. ShareBrief-hosted servers sit behind firewalls and are carefully monitored, regulated and patched with security updates.

Access Control

Authorized ShareBrief software users' access to client projects and documents is controlled by a secure login requiring a valid username and password and all passwords are encrypted.

Access to our software may be restricted to specific IP addresses or IP address ranges to limit the workstations from which our software may be accessed. In addition, to prevent automated scripts from running thousands of password combination guesses, in the event of three incorrect password guesses we may require additional human-user security checks to be passed in order to log in to our software.

Additional secure two-factor authentication can also be activated or deactivated for individual ShareBrief.com users as necessary.

Domains & URLs

ShareBrief sites may be hosted on both public domains such as ShareBrief.com or private domains. 

All input fields within ShareBrief software are validated, escaped and quoted to prevent SQL injection, and all variables passed through the URL are thoroughly validated. No strings may be passed in the URL for user input, only integers, which allows careful validation and prevention of SQL injection.
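One way to enforce the integer-only URL rule described above, shown as an added example that is not ShareBrief's own code. The parameter names `project` and `doc`, the `documents` table and the `example.invalid` URLs are assumptions made for illustration; the point is that a bare `int()` call accepts more than plain digits, so the check is an explicit ASCII-digit pattern followed by a bound query parameter.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qsl

# Hypothetical allow-list: parameter name -> (min, max). Not ShareBrief's schema.
ALLOWED = {"project": (1, 2**31 - 1), "doc": (1, 2**31 - 1)}
# ASCII digits only. int() alone would also accept " 7 ", "1_0" and fullwidth digits.
_INT = re.compile(r"[0-9]{1,10}\Z")


def parse_int_params(url):
    """Return {name: int} for the URL's query string, or raise ValueError."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True,
                      strict_parsing=True)
    out = {}
    for name, raw in pairs:
        if name not in ALLOWED:
            raise ValueError(f"unexpected parameter {name!r}")
        if name in out:
            raise ValueError(f"duplicate parameter {name!r}")
        if not _INT.match(raw):
            raise ValueError(f"{name!r} is not a plain integer")
        value = int(raw)
        lo, hi = ALLOWED[name]
        if not lo <= value <= hi:
            raise ValueError(f"{name!r} out of range")
        out[name] = value
    return out


def fetch_document(conn, url):
    """Validate first, then bind the values as parameters (no string formatting)."""
    p = parse_int_params(url)
    if set(p) != {"project", "doc"}:
        raise ValueError("both project and doc are required")
    row = conn.execute(
        "SELECT title FROM documents WHERE project_id = ? AND id = ?",
        (p["project"], p["doc"]),
    ).fetchone()
    return row[0] if row else None


def demo_db():
    """Constructed in-memory sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER, project_id INTEGER, title TEXT)")
    conn.execute("INSERT INTO documents VALUES (7, 3, 'Draft brief')")
    return conn
```

Rejected requests raise `ValueError` before any SQL is executed, so the caller can log the offending URL and return an error response.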


Responsibility

We expect a similar commitment to best practice from our clients and resellers both by respecting the confidentiality of passwords and access codes and by ensuring their own software and hardware remains updated and secured.


For more information on our Information Security policies contact security@sharebrief.com.