Boréalis offers hosting services used by many large organisations. We adhere to the highest industry standards for enterprise security to maintain the confidentiality, integrity, and availability of our customers’ information. Our risk assessment practices align with the standard processes of the software and IT industries. Our solution is collocated in dedicated spaces at a top-tier data center that maintains industry-standard certifications. This ensures our application meets rigorous security requirements. Third-party security audits of our product and infrastructure are done on a regular basis.

 

You can find more details by downloading the Boréalis Security Infokit.

Data Center Security

Boréalis production servers are hosted in Canada at a Tier 3 certified design data center (Uptime Institute rating). The facility is ISO 27001:2005, SOC 1 type II (SSAE 16 and ISAE 3402) and SOC 2 type II compliant. The data center is equipped with robust physical security including biometrics and smartcard access and logical security including firewall, intrusion detection, video surveillance and prevention, and denial of service attack protection. Power, cooling and networks are all fully redundant and built to a minimum of N+1 redundancy.

Application-Level Security

The Boréalis application provides a range of application-level security mechanisms that allow the implementation to be fine-tuned to meet specific requirements. Software architectural patterns are strategically selected around data confidentiality, integrity and availability. These patterns include row-level security data segregation, role-based access control lists, audit trail and log management.

Disaster Recovery

Boréalis uses multiple data centers to host its application and data, providing essential redundancy. All data centers employ physical security, strict access policies and secure vaults and cages. The disaster recovery center is located more than 160 km (100 miles) from the production data center. Data for the Boréalis solutions is replicated in near real time between the production data center and the disaster recovery center. Hot-site disaster recovery tests are performed daily, and a complete disaster recovery diagnostic is done quarterly to verify our projected recovery times and the integrity of the customer data.

SysAdmin Access and Global Support

The Boréalis operations and support team monitors our infrastructure 24/7 from Canada. Our access control policy aligns with IT industry standards. Access control is enforced with policies to control user registration, grant the correct level of access privilege, control password use, password change and password removal, review of access rights, and control network service access.

Our support team maintains an account on all hosted applications for the purposes of maintenance and support. Applications and data are accessed only for purposes of application health monitoring and performing system or application maintenance, and upon customer request via our support system. Only security-qualified and authorized Boréalis employees have access to the system, using 2-factor authentication. Customers are responsible for maintaining the security of their own login information.

Product Security Features

Only application administrators are allowed to create users and assign data security rules. The access control is based on a roles hierarchy. Data can be segregated by group of users. All access is governed by strict password security policies with configurable complexity. All activities performed within the application are logged with Audit Trail.

Backup

Complete virtual server backups are made on a daily basis. Backups are retained with the following policy: retain the 5 most recent backups as well as the most recent backup from each of the last 7 days, 4 weeks, 12 months, and 1 year.

Privacy

Boréalis understands the importance of ensuring the privacy of your information.

Monitoring and Vulnerability Management

Boréalis uses third-party security specialists and enterprise-class security solutions (like Qualys) to find and help us fix vulnerabilities in the IT infrastructure and the web application. Reports of the latest third-party intrusion tests as well as Qualys reports are available upon request.

Boréalis uses vulnerability management systems to continuously secure the IT infrastructure against the latest Internet threats. A web application scanning system automatically identifies OWASP Top 10 risks including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and URL redirection.

All web applications, network and hardware are constantly monitored by both Boréalis and the managed Infrastructure-as-a-Service (IaaS) providers.

Network Security

The Boréalis network is protected by an enterprise-grade firewall and an Intrusion Prevention and Detection System (IPS/IDS) that monitor network traffic in order to block a wide range of known vulnerability exploits. The OVH network is protected against DoS/DDoS attacks.

Transmission and Session Security

Multiple Internet backbone connections provide routing redundancy and high-performance connectivity. All communications with Boréalis servers are encrypted using high-grade SSL with 256-bit AES, a cryptographic protocol which is designed to provide communication security over the Internet. Encryption keys are securely stored. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.