Resources

Flexperto’s Introduction Video

Order processing GDPR

Sub-service providers

System requirements

IT-security concept

System status

Technical and organizational measures

Our measures and functions at a glance

Physical security

Devices

All data is hosted on servers in facilities that have ISO 27001 certification. Your data is physically and logically separated from that of other customers. All data centers have redundant power supplies (UPS and backup generator).

On-site security

The data centers feature security zones, around-the-clock security staff, outdoor video surveillance, individual identification through electronic access control and alarm systems.

Surveillance

All systems, connected devices and circuits within the production network are continuously monitored by Flexperto. Physical security and power supply are monitored by the provider of the respective facility.

Locations

Flexperto and our sub-service providers use data centers in Germany or other countries within Europe. Co-browsing can be offered entirely within German data centers. In exceptional cases, for certain functionalities such as Omni-Channel-Messaging via Consumer Messaging, service providers outside Europe are also used.

Network security

Protection

Our network is protected by firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network intrusion detection and/or prevention technologies (IDS/IPS) that monitor and block malicious traffic and network attacks.

Architecture

Our network security architecture consists of multiple security zones. More sensitive systems, such as database servers, are located in the most trusted zone. Other systems are located in zones appropriate to their sensitivity, depending on their function, information classification and risk. Depending on the zone, additional security monitoring and access controls are used. DMZs are used between the internet and our network, and internally between the different trust zones.

Web Application Firewalls (WAF) and Monitoring

The most important entry and exit points for application data flows are monitored by web application firewalls. The systems are configured to trigger alerts when incidents and values exceed specified thresholds and use regularly updated signatures based on new threats. This includes around-the-clock system monitoring.

Threat intelligence programmes

Flexperto participates in several threat intelligence programmes. We monitor our systems for threats reported in these threat intelligence networks and take action based on our risks and level of exposure.

Logical access

Access to the Flexperto Production Network is explicitly based on the need-to-know principle and the principle of least privilege, and is constantly monitored. Several authentication factors are required to access the Flexperto Production Network.

Encryption

Data-in-transit encryption

Communication between you and Flexperto servers is encrypted using HTTPS and Transport Layer Security (TLS) over public networks. TLS is also supported for e-mail encryption.

Data-at-rest encryption

All Flexperto customers benefit from data-at-rest encryption protection for offsite storage of attachments and complete daily backups.

Up-to-date TLS ciphers

Flexperto uses the following TLS cipher suites:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Feel free to check them here:

https://www.ssllabs.com/ssltest/analyze.html?d=team.Flexperto.com

Availability and continuity

Availability

Flexperto manages a publicly accessible system status website, which contains details on system availability and the history of service operations.

Redundancy

Flexperto uses service clustering and network redundancies to avoid single points of failure. Our strict backup strategy ensures that service data is actively replicated in primary and secondary systems and facilities. Our co-location databases are stored on state-of-the-art storage units with multiple servers per database cluster.

Disaster Recovery

Our Disaster Recovery (DR) program ensures that our services remain available or can be easily restored in the event of a disaster. This is achieved by creating a robust technical environment, as well as disaster recovery plans and testing.

Backups

Flexperto uses a 3-generation backup policy that includes up to 3 copies of important files. Backups are created and restored via a dedicated network interface so as not to interfere with production-related data traffic.

Secure development

Security checks

Our development is based on third-party packages that are actively and automatically checked for security holes and vulnerabilities. The framework used in our platform has inherent controls to reduce exposure to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and SQL injection (SQLi), including a focus on the OWASP Top 10.

Code reviews

No source code becomes part of the code base unless it is reviewed and approved by at least two other engineers. This ensures very high code quality and allows errors to be detected at a very early stage of the application integration process.

Quality Assurance (QA)

Our highly skilled QA department reviews, tests, identifies and fixes security vulnerabilities in our developer-tested code and application.

100% test coverage

A large part of the services of the Flexperto platform is completely covered by component tests.

Separate environments

Test and staging environments are physically and logically separated from the production environment. No valid service data is used in the development or test environments.

Code quality analysis

We use a number of tools to ensure code quality and dynamically analyze the code to meet our coding standards and rules.

Application weaknesses

Dynamic testing for weaknesses

We use a number of qualified third-party security tools to continuously scan our platform for security vulnerabilities.

Static code analysis

The source code repositories of our platform are continuously being checked for security issues by our integrated static analysis tool.

Product security functions

Authentication

The Flexperto platform provides a simple mechanism for password authentication. Single Sign-On (SSO) with SAML for secure and easy integration with your service provider (Facebook, Twitter, Google, etc.) is also possible.

Single Sign-On (SSO)

With Single Sign-On (SSO), you can authenticate users in your own systems without having to enter additional login information for your Flexperto instance. SAML (Security Assertion Markup Language) is supported.

Configurable password policy

The Flexperto platform provides user-defined password rules for users. Only administrators can change the password security level. Minimum length, letters, numbers and special characters are some of the applicable rules.

Secure storage of credentials

Flexperto follows best practices for the secure storage of credentials: passwords are never stored in a human-readable format, only as the result of a secure, salted one-way hash. For password and token hashing, we use salted SHA-256 hashes.