Data Privacy and Segregation
Administrators can manage roles and permissions to ensure organizational security and scale process control operations.
Netcontent's multi-tenant architecture must be configured in different work environments. In each environment, an administrator can set up teams for various business units and assign resources, such as validators, managers, and services, to each team.
IaaS Service Mode
Since the platform can be acquired as a service, fully separate and secure environments are created, even if they share the same cloud.
Resources, including process services and case developers, can be assigned to each team. Administrators can provision multiple groups within an organization and, for each group, separate data at all stages of the document lifecycle, from development to production.
Authorization and Access Permissions
Administrator users have privileges to grant access permissions to the platform, which can be managed at various levels of granularity:
- Users can be restricted to specific workgroups and workflows.
- Process services can be assigned permissions only for certain workflows and tasks.
Administrators control task separation for users:
- Administrators can manage both permissions and users associated with the Case Type workflow.
- Users can be configured into groups and roles. Each group/user can have independent segregation across multiple departments according to the organization's needs.
- Administrators can share or block automation workflows based on group/user permission definitions.
- Similarly, administrators can set permissions for processes at the group level, allowing or blocking workflow execution.
Groups
Administrators can group users by task types, business units, or other criteria to efficiently manage the manual and virtual workforce.
Instead of assigning a task to a specific person, a task is assigned to a group. If the task is automated, the process server optimizes task assignment by sending it to the first available service.
Password Policy
Administrators can control access by managing various password attributes and assigning specific policies:
- Require users to change their passwords on the first login.
- The administrator cannot view the user's password reset text.
- Enforce a minimum password character length.
- Apply a policy that requires the use of complex passwords (uppercase letters, special characters, numbers).
- Set the number of invalid attempts before lockout.
- Edit the duration of inactivity on a workstation before the screen locks.
- Passwords are stored in a non-reversible format, SHA-256 or higher.
Authentication and Authorization Policy
Netcontent supports Google and Microsoft Single Sign-On (SSO) through Active Directory authentication, as well as secure credential-based authentication.
During the authentication process, credentials are encrypted throughout the communication.
Active Directory SSO
Role-based access control can be configured manually by the IT team or automatically through the organization's Active Directory, enabling Single Sign-On (SSO).
Encryption
Encryption is applied by default to all sensitive data, both in transit and at rest.
All keys stored on the server side are encrypted with a 256-bit Advanced Encryption Standard (AES) key and are saved in the Netcontent database. Sensitive data is never decrypted; it is always transmitted in an encrypted form. No data is stored on the client side: once a user finishes their tasks and ends the session, all sensitive data is erased.
The encryption mechanism and key length for all encryption processes used within Netcontent, including data in transit, data at rest (stored within the application), and any special storage (such as passwords), are as follows:
- AES-256
- SHA-256
- When Netcontent interacts with the same platform, a client system, or a third-party system, the available encryption options to facilitate secure communication are HTTP.
- Passwords are stored in a non-reversible format, SHA-256 or higher.
- All confidential data configuration parameters, such as passwords and connection strings, can be encrypted.
Audits and Logs
Netcontent audits all mission-critical events and changes, with complete traceability in the document history and activities. Log entries are secured to prevent tampering by malicious actors:
- The audit log is enabled by default and cannot be disabled by any user or role.
- Event types recorded include login, logout, failed login attempts, access changes, task scheduling transmission, critical transactions, and others.
- Access to the log file is restricted by permissions according to the organization's policy to prevent unauthorized modification, access, or deletion.
- All logs are stored as files on the server, and case audits are stored in the database.
Data Retention
The Netcontent platform is a client/server solution that does not store data from client applications. All data used in a secure environment is encrypted on the client side and transmitted encrypted until it is stored in the database.
Netcontent does not retain any session data on the client machine. However, a custom purge process can be automated upon session termination to clear metadata that may reside in cookies and the browser cache due to third-party website policies.
Security Testing
Regular security checks and ‘intrusion tests’ are conducted, both internally and by external auditors.
Netcontent applications adhere to the latest security protocols, including OWASP, WASC, black-box testing, gray-box testing, and white-box testing, to identify and address security vulnerabilities or insecure coding practices, such as buffer overflows, injection flaws, and improper error handling.
According to the external testing and verification process provided by a third-party security auditor, there are no open vulnerabilities of critical or high risk.