Security
Borealis offers hosted services used by many large organisations. We adhere to the highest industry standards for enterprise security to maintain the confidentiality, integrity, and availability of our customers’ information. Our risk assessment practices align with the standard processes of the software and IT industries. Our solution is co-located in dedicated spaces at a top-tier data center that maintains industry-standard certifications, which ensures our application meets rigorous security requirements. Third-party security audits of our product and infrastructure are performed on a regular basis.
ISO 27001:2017 Certified
What is ISO 27001 Certification?
ISO 27001 is an internationally recognized standard that helps organizations manage information security to make their information assets more secure.
To become certified, an organization must develop and implement a strict security program, regularly evaluate information security risks, threats, and vulnerabilities, and establish that its security programs align with industry-leading best practices.
After a successful audit is performed by an independent third party, the organization can be certified by an accredited registrar.
– Patrick Grégoire, President, Borealis
Monitoring and Vulnerability Management
Borealis uses third-party security specialists and enterprise-class security solutions (such as Qualys) to find, and help us fix, vulnerabilities in the IT infrastructure and the web application. Reports from the latest third-party intrusion tests, as well as Qualys reports, are available upon request. Borealis uses vulnerability management systems to continuously secure the IT infrastructure against the latest Internet threats. A web application scanning system automatically identifies OWASP Top 10 risks, including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and URL redirection.
All web applications, networks, and hardware are constantly monitored by both Borealis and the managed Infrastructure-as-a-Service (IaaS) providers.
SysAdmin Access and Global Support
The Borealis operations and support team monitors our infrastructure 24/7 from Canada. Our access control policy aligns with IT industry standards. Access control is enforced with policies that govern user registration, granting the correct level of access privilege, password use, password change and password removal, review of access rights, and access to network services.
Our support team maintains an account on all hosted applications for the purposes of maintenance and support. Applications and data are accessed only for application health monitoring, for system or application maintenance, and upon customer request via our support system. Only security-qualified and authorized Borealis employees have access to the system, using two-factor authentication. Customers are responsible for maintaining the security of their own login information.
Q&A: How Borealis Manages Data Security
Multi-Factor Authentication
The Borealis application supports two-factor authentication (2FA), which users can configure directly in the Borealis web interface.
Data backup and restoration
We have two different methods for recovering data in the event of an outage:
- Recovering from a hot standby server, which has a Recovery Point Objective (RPO) of less than one minute, and a Recovery Time Objective (RTO) of less than one hour.
- Recovering from a backup, which has an RPO of less than 24 hours, and an RTO of less than one hour.
These procedures ensure that our systems are up and running as quickly as possible in the event of an unexpected interruption.
Availability
Borealis must maintain a 99.5% Online Service availability rate, calculated monthly as (Total – Downtime) / Total × 100 ≥ Availability Target. “Total” refers to the calendar-month minutes minus excluded downtime, while “Downtime” refers to the non-excluded downtime duration, including planned and uncontrollable events.
You can access more details regarding the service availability in our MSA’s “Availability” section: https://www.boreal-is.com/data/cdn/media/Borealis-Master-Subscription-Agreement.pdf
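The following calculator is an added example, not part of the Borealis page or the MSA, showing how the monthly availability figure above is computed when some outage minutes are excluded from the denominator and others count as downtime. The outage list, the 30-day month and the incident notes are constructed sample data; the 99.5% target is the one stated above. It also derives the non-excluded downtime budget that the target leaves for the month, which the page itself does not state.

```python
from dataclasses import dataclass

MINUTES_PER_DAY = 24 * 60
AVAILABILITY_TARGET = 99.5  # percent, from the page


@dataclass
class Outage:
    """One outage in the month. `excluded` marks minutes the MSA removes
    from "Total" (they neither count as downtime nor as available time)."""
    minutes: int
    excluded: bool
    note: str = ""


def availability_pct(days_in_month: int, outages: list) -> float:
    """(Total - Downtime) / Total * 100, with Total = calendar minutes minus
    excluded downtime and Downtime = the non-excluded outage minutes."""
    excluded = sum(o.minutes for o in outages if o.excluded)
    downtime = sum(o.minutes for o in outages if not o.excluded)
    total = days_in_month * MINUTES_PER_DAY - excluded
    return (total - downtime) / total * 100


def meets_target(days_in_month: int, outages: list,
                 target: float = AVAILABILITY_TARGET) -> bool:
    """True when the month's availability reaches the contractual target."""
    return availability_pct(days_in_month, outages) >= target


def downtime_budget_minutes(days_in_month: int, excluded_minutes: int,
                            target: float = AVAILABILITY_TARGET) -> float:
    """Non-excluded downtime the month can absorb before falling below target."""
    total = days_in_month * MINUTES_PER_DAY - excluded_minutes
    return total * (100 - target) / 100


# Constructed sample month: 30 days, one excluded outage and one that counts.
SAMPLE_OUTAGES = [
    Outage(120, excluded=True, note="customer-caused, excluded by agreement"),
    Outage(150, excluded=False, note="unplanned application outage"),
]

if __name__ == "__main__":
    pct = availability_pct(30, SAMPLE_OUTAGES)
    print(f"availability: {pct:.3f}%  target met: {meets_target(30, SAMPLE_OUTAGES)}")
    print(f"downtime budget: {downtime_budget_minutes(30, 120):.1f} min")
```

With the sample data the denominator is 43,200 minus 120 excluded minutes, so 150 non-excluded minutes still clears 99.5%, while about 215 minutes in the month would be the limit; adding a second 150-minute unplanned outage pushes the month below target.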
Vulnerability Management
Every year, we commission a penetration test from an external firm.
Additionally, we run an automated vulnerability scan and a Web Application Scan every week using the Qualys platform.