Security FAQs

Questions

  1. Is automatic log-off an option?
  2. Do you enforce high security passwords?
  3. Do you use SSL?
  4. Who has access to the servers?
  5. Where are your servers located?
  6. Do you require your datacenters to complete a SSAE16 audit?
  7. Is there security at the file folder level by user?
  8. Should I use SSL?
  9. Physical Security?
  10. Certifications and Accreditations in AWS

  1. Is automatic log-off an option?

    Yes. We give you the ability to disable the automatic login option. If you turn this off, the user's session will expire after 1 hour. This option is enabled/disabled on the Site Settings page.

  2. Do you enforce high security passwords?

    Yes. You can turn on/off the option to force all users to use high-security alphanumeric passwords. This ensures that every password is at least 8 characters in length and contacts upper-case and lower-case characters and at least one number. This option is turned on/off in your Site Settings page and setting the "Strengthened Password Policy" option.

  3. Do you use SSL?

    Yes, we provide SSL connections for all *.teamworkpm.net sites. This ensures that your communication with our server is safe from prying eyes.

  4. Who has access to the servers?

    Only selected Teamwork Project Manager staff have authorization to access the servers. We also have a code of ethics that ensures that we will never breach customer confidentiality. Each of the servers within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand.

  5. Where are your servers located?

    Our servers are with Amazons AWS and are hosted within the US. AWS infrastructure is housed in Amazon-controlled data centers. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.

  6. Do you require your datacenters to complete a SSAE16 audit?

    Yes, our hosting partner is Amazons AWS.

    AWS has in the past successfully completed multiple SAS70 Type II audits, and now publishes a Service Organization Controls 1 (SOC 1) report, published under both the SSAE 16 and the ISAE 3402 professional standards. In addition, AWS has achieved ISO 27001 certification, and has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). In the realm of public sector certifications, AWS has received authorization from the U.S. General Services Administration to operate at the FISMA Moderate level, and is also the platform for applications with Authorities to Operate (ATOs) under the Defense Information Assurance Certification and Accreditation Program (DIACAP). We will continue to obtain the appropriate security certifications and conduct audits to demonstrate the security of our infrastructure and services. For more information on risk and compliance activities in the AWS cloud, consult the Amazon Web Services: Risk and Compliance whitepaper.
    http://d36cz9buwru1tt.cloudfront.net/AWS_Risk_and_Compliance_Whitepaper.pdf

  7. Is there security at the file folder level by user?

    In January 2012 we introduced a feature called "Lockdown" that allows you to apply very powerful security to all object within TeamworkPM.

    You can choose exactly who should see any item. This is a feature that no other project management system comes close to matching. The interface is really intuitive.

    See http://engineroom.teamworkpm.net/lockdown-on-files-and-messages
    and http://engineroom.teamworkpm.net/lockdown-available-for-notebooks
    and http://engineroom.teamworkpm.net/lockdown-available-for-tasks

  8. Should I use SSL?

    SSL encrypts the data sent from your browser to our server. When SSL is not used, a person on the same network as you could potentially "listen" to the data being sent between your browser and the Teamwork servers.

    Note: SSL is only available on the teamworkpm.net domain (for example, https://mysite.teamworkpm.net) If you use a custom domain with Teamwork, SSL is not available.

  9. Physical Security?

    Amazon has many years of experience in designing, constructing, and operating large-scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.

  10. Certifications and Accreditations in AWS

    For more information on Certifications and Accreditations in AWS please take a look at
    http://aws.amazon.com/security/#certifications

Site Links

Shortcuts

Features & Benefits

Stay Up To Date

Other Links