Your privacy is very important to us.
Our database servers are configured to have a standby (backup) data centre in Australia East time zone (TZ) which is within South East Asia.
This TZ runs on its own physically distinct infrastructure, these zones are configured to provide independent power, network and lighting and fire suppression environments.
Should any primary server become affected by a zone issue, the server will switch to ‘warm’ backup operating from a different zone. All clients will automatically switch to the new server with no loss in service. Werkflo undertakes testing and production environments.
We monitor continuously by several internal and external monitoring tools to ensure issues are identified as soon as possible.
The Werkflo applications actively trigger on out-of-bounds and unusual events within the actual processing stream. All infrastructure assets are scanned for vulnerabilities and open ports by internal scanners and 3rd party vulnerability assessment service.
Werkflo’s product data is stored on Microsoft Azure data centres. Microsoft Azzure data centres are complete standalone instances of the Werkflo’s systems. All data will be stored within their data center and will not reside outside this center and all future login and Werkflo activities will operate from their selected data center. This applies to all file storage, databases, and backup operations.
Microsoft Azure employs a robust physical security program with multiple certifications which you can find more information on their security processes at please visit aws.amazon.com/security.
Within our Offices
Within our offices, we have a variety of security measures implemented. Our buildings are monitored 24/7 by surveillance cameras. All employees are required to have access cards to access the building, access logs are kept of employee access.
Network and System Security
All servers and applications are monitored and kept up to date with patches. Critical patches are deployed immediately in the event of a disclosure of a new vulnerability impacting Werkflo’s assets. We use patch management software to easily report on and deploy security patches. Third-party dependencies in our codes are regularly scanned for vulnerabilities by an automated tool and reports are sent to developers and the security team.
We use Git for source code and configuration management. All changes to code and configurations go through peer review before the changes are released to our testing system. All changes must go through our build system and a suite of automated tests before they are released to our production systems. Large changes all go through manual in-depth testing by our testing team to ensure potential issues are detected.
We perform ongoing automated vulnerability scanning using internal and external tools to identify vulnerabilities. Third-party manual pen tests take place bi-annually and all reported issues are actioned on and resolved.
Advanced user authentication
Each Werkflo user has a unique password-protected account. The password is validated against our password complexity requirements which ensures that every password is at least 8 characters in length and contains upper-case and lower-case characters and at least one number. All user passwords are stored in the database only after being passed through a one-way hash and salt technique, we do not store any user passwords in plain text or display any personally identifiable information in our application logs.
On specific plans you can enable two-factor authentication for your profile, adding an additional layer of protection to your account.
Data Control – Privacy, Visibility & Sharing
A Werkflo administrator manages and controls individual user rights. Customer data, including tasks and folders, can only be accessed by other users within your Werkflo account if those items were specifically shared with them, or if the items were placed in shared folders.
We provide encryption in transit using HTTPS by default on all our domains. For our Enterprise customers, your data is encrypted at rest using industry-standard AES-256 encryption algorithm. We support TLS 1.3 only and restrict insecure ciphers, this ensures that all our traffic is secure and private while in transit between your browser and our application.