Security Measures

Our primary focus revolves around safeguarding your information. We uphold rigorous security protocols to ensure the seamless flow of our operations and keep data confidential. In the following sections, we will delve into the core security measures we employ, and shed light on what these measures mean for you and your data.

The Importance of Data Security

In the world of public procurement, confidentiality regarding tenders and strategies is key. We recognise the importance of protecting innovation, business relationships, trade secrets, and sensitive information. At Tendium, we facilitate all work related to public procurement and tenders without compromising security – ensuring your competitive advantage.

Safekeeping Your Data

Security Routines and Measures

Secure Updates

All updates and developments are made in accordance with our security standards.

Patch Management

New releases and updates continue without downtime, and any issues are resolved quickly.

Application Security

Updates are reviewed with end-to-end testing and statistical code analysis.

Cybersecurity

DDoS, attack tracking, network logging, etc. are used for cybersecurity.

Data Encryption

TLS v1.2 is applied, user passwords have a hash function, and all data is encrypted.

Backups

Backups are performed several times an hour.

Information and Cyber Security Policy

Tendium carries out ongoing updates in our security work to protect our IT security.

OWASP Top 10

Software development is done in accordance with the OWASP Top 10 framework for security.

Activity Log

Regular activity and access logs are maintained.

Access Control

Regular access controls are implemented to not compromise confidential data.

SAML, SSO

SAML and SSO are used to maximise security.

2FA

Two-factor authentication is used to maintain data security.

Code Storage

All code is reviewed by multiple team members before being registered and saved to our version control system.

Authorisation

We implement a strict hierarchical authorisation control to block the risk of unauthorised access.

Tendium’s Security Team

Tendium’s technical experts and management form the Tendium Security Team, dedicated to uphold security protocols. The team ensures that security procedures and measures are followed by employees, customers, and other relevant parties. Promptly addressing any security disruptions, the Security Team keeps a close watch to make sure that platform updates go smoothly without compromising our security infrastructure. 

Our commitment is reflected in our ongoing efforts to constantly advance our practices, refine our security protocols, and integrate state-of-the-art technology and processes to stay at the forefront of cybersecurity.

Certified Hosting

Our services are hosted on Amazon Web Services (AWS). AWS has implemented the following security measures, among others: 

  • Storage locations
    AWS selects their data and control centre locations carefully, considering both geographical and environmental factors. These locations are equipped with sensors to detect climate or weather changes, along with security measures such as CCTV, intrusion alarms, and special manned entrances to guarantee a high level of protection. 
  • Access rules and security updates
    Employees’ access to data systems follows strict rules, with continuous updates to security operating systems. 
  • Technical solutions for continuity
    AWS has implemented solutions that enable traffic to move between servers without the risk of overload, ensuring that operations can continue without interruption in case of technical failures. Backup generators also protect functionality in the event of electrical or power failures.
  • Backup and risk management
    Regular backups are made to and between resilient and independent systems. The infrastructure and data centre’s risk management is systematically evaluated to minimise any threats.
  • Certifications and third party evaluations
    AWS is certified with ISO and CSA STAR, and they conduct regular third-party evaluations to review security. 

Read more about AWS and their security work here.

Report a Security Incident

Have you discovered or do you suspect a security breach on the Tendium platform? Do not hesitate to contact us at security@tendium.com, and we will immediately look into the issue.

Last updated: 2023-11-14