Security Measures
Our primary focus revolves around safeguarding your information. We uphold rigorous security protocols to ensure the seamless flow of our operations and keep data confidential. In the following sections, we will delve into the core security measures we employ, and shed light on what these measures mean for you and your data.
The Importance of Data Security
In the world of public procurement, confidentiality regarding tenders and strategies is key. We recognise the importance of protecting innovation, business relationships, trade secrets, and sensitive information. At Tendium, we facilitate all work related to public procurement and tenders without compromising security – ensuring your competitive advantage.
Safekeeping Your Data
Security Routines and Measures
Secure Updates
All updates and developments are made in accordance with our security standards.
Patch Management
New releases and updates continue without downtime, and any issues are resolved quickly.
Application Security
Updates are reviewed with end-to-end testing and statistical code analysis.
Cybersecurity
DDoS, attack tracking, network logging, etc. are used for cybersecurity.
Data Encryption
TLS v1.2 is applied, user passwords have a hash function, and all data is encrypted.
Backups
Backups are performed several times an hour.
Information and Cyber Security Policy
Tendium carries out ongoing updates in our security work to protect our IT security.
OWASP Top 10
Software development is done in accordance with the OWASP Top 10 framework for security.
Activity Log
Regular activity and access logs are maintained.
Access Control
Regular access controls are implemented to not compromise confidential data.
SAML, SSO
SAML and SSO are used to maximise security.
2FA
Two-factor authentication is used to maintain data security.
Code Storage
All code is reviewed by multiple team members before being registered and saved to our version control system.
Authorisation
We implement a strict hierarchical authorisation control to block the risk of unauthorised access.
Tendium’s Security Team
Tendium’s technical experts and management form the Tendium Security Team, dedicated to uphold security protocols. The team ensures that security procedures and measures are followed by employees, customers, and other relevant parties. Promptly addressing any security disruptions, the Security Team keeps a close watch to make sure that platform updates go smoothly without compromising our security infrastructure.
Our commitment is reflected in our ongoing efforts to constantly advance our practices, refine our security protocols, and integrate state-of-the-art technology and processes to stay at the forefront of cybersecurity.
Certified Hosting
Our services are hosted on Amazon Web Services (AWS). AWS has implemented the following security measures, among others:
- Storage locations
AWS selects their data and control centre locations carefully, considering both geographical and environmental factors. These locations are equipped with sensors to detect climate or weather changes, along with security measures such as CCTV, intrusion alarms, and special manned entrances to guarantee a high level of protection. - Access rules and security updates
Employees’ access to data systems follows strict rules, with continuous updates to security operating systems. - Technical solutions for continuity
AWS has implemented solutions that enable traffic to move between servers without the risk of overload, ensuring that operations can continue without interruption in case of technical failures. Backup generators also protect functionality in the event of electrical or power failures. - Backup and risk management
Regular backups are made to and between resilient and independent systems. The infrastructure and data centre’s risk management is systematically evaluated to minimise any threats. - Certifications and third party evaluations
AWS is certified with ISO and CSA STAR, and they conduct regular third-party evaluations to review security.
Read more about AWS and their security work here.
Report a Security Incident
Have you discovered or do you suspect a security breach on the Tendium platform? Do not hesitate to contact us at security@tendium.com, and we will immediately look into the issue.
Last updated: 2023-11-14