Popular questions about Contractiva
Can I limit administrator logins to specific IP addresses?
Yes. This feature provides added security and ensures that administrators can only login from authorised static IP addresses. Please note this means that any administrators needing to login from home or another office, will need to have a static IP address.
Can I access a file if I know the URL?
Only if you are logged into the system and have access to the document you are attempting to download. The system authenticates every request to make sure your account has the correct permission to access it.
Can users share accounts and login details?
No. This is a security breach and makes security very difficult to manage from a company perspective. We recommend that you take logins and security very seriously and scrutinise who in your organisation has access to administrator accounts and passwords.
Are the Contractiva servers protected by firewalls?
Yes. Contractiva servers are protected by hardware firewalls. Traffic is restricted by protocol, by service port, and by source IP address (individual IP or Classless Inter-Domain Routing (CIDR) block). The firewall is configured in groups permitting different classes of instances to have different rules, enabling tighter security in a typical three-tiered application such as Contractiva. The firewall infrastructure supports the ability to grant granular access to different administrative functions on the instances and the firewall, therefore enabling additional security through the separation of duties.
How often are backups done and where are these stored?
Contractiva takes data backups very seriously and makes both on-site and off-site backups of all databases and client data according to an agreed schedule. If we are hosting your servers, we make either incremental database backups or run a fully replicated database, ensuring total failover in the event of a system failure. All backups are made to an off-site Tier 1 datacentre. If you are hosting your own servers you will have the option of handling your backups yourself, or consulting our security team and using our backup infrastructure.
Where is Contractiva hosted?
We have servers in 3 geographically distributed Tier 1 datacentres, in the UK, Europe and the USA. In addition to these, as a fully enterprise application, we allow customers to use their own hosting arrangements or internal servers as required, and we will support these servers to the level you require. We also run various cloud computing installations within the Amazon Compute Cloud and can offer this installation if suitable.
Who provides and authenticates the Contractiva SSL certificate?
Contractiva is secured via 128-bit SSL by Thawte Consulting. If your system runs off a Contractiva.com sub-domain, it will be secured by our certificate. If you are running Contractiva on your own domain we will need to install an SSL certificate on your domain. In this case, you can choose from any of the respected SSL providers.
Is Contractiva secure?
Yes. From an infrastructure perspective, Contractiva uses 128-bit SSL, hardware and software firewalls, anti-virus software, and applies the latest security updates as they are available. Within the software application, Contractiva uses URL authentication, enforced password strength, time-based inactivity logouts, audit tables and restricted admin IP lists. On a company level, we operate a rigid internal data access policy that ensures your data is not accessible to internal staff unless they are performing a task that requires such access. In this respect, we provide each customer with a list of internal staff who will be involved with their installation and data.
Can we host Contractiva on our own domain?
Yes. You can select to either host Contractiva on your own domain, or you can host it on a sub-domain of the Contractiva.com domain. The choice is yours and in both scenarios the system will be secured via 128-bit SSL.
Page 1 of 1 pages