JanusKS' primary security focus is to safeguard customers’ data. As such, we have designed and implemented controls to protect and service our customers.
Our objectives are:
- Provide trust and protection by delivering world-class products and services while protecting the privacy and confidentiality of customer data.
- Ensure the availability of the Projectal service and minimize risks to service continuity.
- Ensure that customer data is never modified inappropriately.
Infrastructure Security Controls
JanusKS does not host any Projectal systems or data within its corporate offices. All Projectal systems and infrastructure data are stored on Amazon Web Services (AWS).
We rely on AWS's audited security and compliance programs for the effectiveness of their physical, environmental, and infrastructure security controls. AWS guarantees between 99.95% and 100% service availability, ensuring redundancy to all power, network, and HVAC services. The business continuity and disaster recovery plans for the AWS services we use have been independently validated as part of their SOC 2 Type 2 report and ISO 27001 certification.
For more information, AWS’s compliance documentation and audit reports are publicly available at the AWS Cloud Compliance Page and the AWS Artifacts Portal.
Network Security Controls
The Projectal product infrastructure uses multiple layers of filtering and inspection on all connections across our web application firewall (WAF), logical firewalls and security groups.
Network-level access control lists are in place to prevent unauthorized access to our internal product infrastructure. Firewalls are configured to deny network connections that are not explicitly authorized.
Network security is actively monitored and controlled using AWS monitoring and configuration systems. Firewall rulesets are reviewed on an annual basis.
Configuration Management Controls
JanusKS uses automated scripts and images to maintain our infrastructure and to scale services to meet the needs of customers. We can expand the capacity of our infrastructure when needed. All server configurations are contained in images and configuration files, which are used when new server instances are required. Patches are handled using automated configuration management tools.
Logging Controls
Actions and events that occur within Projectal applications are logged. These logs are stored on AWS storage for monitoring and analysis by the Projectal support team.
Alert Controls
The Projectal infrastructure is configured with alerts that notify the Projectal support team of issues such as serious errors, downtime, and other anomalies. We are continually adding more alerts to ensure faster and more granular responses.
DNS Security Controls
All Projectal instances have separate DNS entries, and these DNS entries are maintained at the Projectal DNS registrar, Squarespace. Access to the Squarespace console is limited to selected JanusKS staff and requires device validation and Multi-Factor Authentication (MFA).
Web Application Security Controls
All customer data hosted within a customer's Projectal instance is protected by a Web Application Firewall (WAF). The WAF actively monitors real-time traffic and alerts on or denies malicious behavior based on behavior type and session rate.
Development and Deployment Controls
Projectal is constantly improved with new features, enhancements and bug fixes. The software development team has a consistent approach that is followed for development, testing and deployment. Newly developed code undergoes code review and static code analysis. Unit tests are added to ensure correct operation of code. System testing is performed at multiple stages before code reaches customers. Deployments to customers are tested and analyzed to ensure correct installation and operation. New version information is communicated to customers directly, and via the News section on the Projectal website.
Vulnerability Controls
We use a variety of industry-recognized tools to check for vulnerabilities across all aspects of our Projectal technology.
External, industry-recognized cyber security vendors perform penetration tests against our applications. Their findings are assessed, and all serious issues are fixed as a high priority. Final reports are available to our customers.
Encryption Controls
All data stored at rest in Projectal is encrypted. All data transmitted to and from Projectal is encrypted in transit using TLS version 1.2 or 1.3 with 2,048-bit keys or better.
Key Management Controls
Encryption keys for both in-transit and at-rest encryption are securely managed by the Projectal infrastructure on AWS. Keys managed by JanusKS are rotated at varying frequencies, depending upon the sensitivity of the data they govern. TLS certificates are renewed annually.
Backup Controls
By default, all Projectal instances have their data backed up on a daily basis. Projectal infrastructure is backed up on a regular basis using automated schedules. 30 days of backups are retained for customer data restoration purposes. Backups are stored on regional AWS storage and copied periodically to a separate AWS region for recovery in the event of a primary regional outage. Restoration of data is available to customers following a request to the Projectal support team.
User Permission Controls
Projectal contains comprehensive permission and access policy features that empower customers to create and manage access policies for the use of Projectal. Customers can selectively restrict access to features, data fields and data instances to control the behavior of their users of Projectal.
Login Authentication Controls
Projectal allows users to log in using either the native Projectal login or Single Sign-On (SSO).
The native Projectal login enforces a uniform password policy. This policy can be configured by the Projectal support team to match customer authentication requirements.
SSO authentication is available both via SAML, using any SAML-based identity provider (IdP), and via LDAP or Active Directory (AD).
Two-factor authentication can be set up through SSO authentication.
API Controls
Projectal provides an Application Programming Interface (API) that enables software developers to gain access to features and data in Projectal. The authentication and use of the API for software developers is controlled by the login authentication controls and user permission controls.
Employee Access Controls
Selected JanusKS employees are permitted to access Projectal's infrastructure via the company network or a Virtual Private Network (VPN), both of which require device validation and Multi-Factor Authentication (MFA).
The Projectal support team is only permitted to access customers' Projectal instances to provide support assistance, and only when customers grant the Projectal support team login access to their Projectal instance. Customers are in full control and can revoke that access at any time. Customers can also use access policies and permissions to restrict support access to selected features and data.
Corporate Authentication Controls
JanusKS employees require device validation and MFA when accessing the JanusKS corporate network. Password policies follow industry best practices for required length, complexity, and rotation frequency. Password vaults are in place to manage certain administrative account passwords.
Policy Document Controls
JanusKS maintains a set of internal policy documents in our corporate wiki that JanusKS employees can access to understand all policies. The policies are reviewed annually.
Building Security Controls
At JanusKS' head office, the building is secured in multiple ways. The building has keyed external doors. The JanusKS office has keyed doors and a security alarm that is monitored 24/7, with each employee having an individual security access code. When employees leave the company, their keys are returned and their security access codes are deleted.