SECURITY

SOC 2 Type II
Urpla implements the necessary systems and processes that comply with best practices for security, availability, and confidentiality.

ISO 27001
We have implemented an Information Security Management System (ISMS), in accordance with the requirements set out in ISO 27001. However, we have not yet been independently certified ISO 27001 compliant.

Privacy Policy
We are committed to preventing unauthorised access or disclosure to our customer’s information. Read our Privacy Policy

Encryption in Transit
The Urpla platform uses Transport Layer Security (TLS/SSL) encryption on all requests sent between client and server. System controls have been implemented to prevent cross site scripting and SQL injection attacks.

Encryption at rest
All data captured in Urpla is encrypted and stored on Amazon Web Services servers in accordance with ISO 27001 requirements.

Urpla has operational support staff available on call during business hours. In the event of an unscheduled outage, business continuity and disaster recovery procedures are initiated to maintain continued business operations and system performance.

System vulnerability assessments and internal security controls have been implemented to identify security vulnerabilities and reduce the risk of exposure to common cyber-attacks. Our Vulnerability Disclosure Program enables us to identify and proactively address inbound security vulnerabilities provided by customers and the broader technical community.

Our incident management process ensures we rapidly respond to security events that may affect the integrity or availability of the Urpla platform and the data stored within it. Events that affect customers are given the highest priority.

Urpla information and data is stored across multiple databases and file stores. Data and audit logs, for all databases, are backed up on a regular frequency. Full backups are performed daily using the tower of Hanoi strategy each week. Backups are kept for 6 months before being archived to ‘cold storage’. All backups are encrypted.

Urpla also makes use of SAN snapshot utilities to provide point-in-time restoration of file systems. These snapshots are considered “last resort” and would be used as restoration points in the event of an infrastructure failure.

All your information is stored using enterprise-grade cloud servers, secure data storage and highly scalable databases.

Access to Environments
Access to Urpla’s deployment environments is strictly controlled.

Separate Environments
Testing and Staging environments are logically separated from the Production environment.

Auditing of User Actions
All user actions that create, modify, or remove data in Urpla are audited. These audit records are retained for 14 days and can be provided to customers on a request-by-request basis.

Unique Tenant Identifiers
Urpla is a multi-tenanted system. Each customer account has a unique identifier that is used across the entire platform to identify data owned by that account.

Client File Transfer
The Client Task app is powered by Secure Sockets Layer (SSL) to maintain connection security and encrypt and share data safely.

Security Risk Assessment
The Urpla product development team identify and assess any security related risks as part of all new feature development work.

Third-Party Risk Assessment
Annual third-party vendor risk assessments are performed to evaluate the risks associated with the services provided by third parties.

Monitoring Alerts
Monitoring tools are in place to identify suspicious behaviour, unauthorised attempts to access Urpla, and potential denial of service (DoS) type attacks.

Single Sign-On
Urpla can be configured to work with a Single Sign On (SSO) provider such as Okta.

Multi-Factor Authentication
Access to Urpla is connected to a user’s email account. Multi or two-factor authentication can be set for the user’s email account login. Urpla does not store any passwords.

User Security
All users must be invited to join a tenant and accept that invitation before they can access any tenant data. A selected authentication provider is recorded for the user and all future login attempts require authentication using the same provider.

IP Restrictions
Access to production databases is restricted to allow access only from trusted IP addresses.

Administrative Data Access
Access to production databases is strictly controlled and only users with a need to access production data for customer support or problem resolution have access. On request, Urpla will securely delete a customer’s Urpla data.

Data Backups
Data backups are encrypted and sensitive data is encrypted/masked in the live database.

User Permissions
In-app user permissions allow you to control what a user can access and what company-wide actions and settings can be controlled.

Security Awareness Policies
A comprehensive set of security policies are enforced to all Urpla employees and contractors with access to Urpla information assets. This includes policies for the use of two-factor authentication, protection of passwords, personal firewalls, and avoiding unsecured devices and networks.

Security Awareness Training
Every Urpla employee undergoes security training as part of the orientation and onboarding process. New employees receive information on Urpla’s commitment to keep customer information safe and secure.

Confidentiality Agreements
All new Urpla employees are required to sign Non-Disclosure and Confidentiality agreements.