Software as a Service
Scanmarket is built to be used. That is why we focus on you - succeeding with our product. Our solution is delivered as Software as a Service, making operations easy for you and your team.
Hosting of the Scanmarket eSourcing Platform is provided by Amazon Web Services (AWS).
AWS holds, among others, the following certifications:
CSA STAR Level 2 (Cloud Service Provider Security)
AWS is audited twice a year, with each audit covering a 6-month period, to attest that they meet the criteria of their security programs, following SOC 2 Type II auditing procedures.
AWS datacenters are built to the highest standards, with fully redundant power and cooling and strict access controls in place to ensure a very secure environment.
Data is stored in the following AWS regions, depending on your hosting needs:
Inquiries and questions regarding our hosting provider and their certifications can be addressed to infosec@scanmarket.com
Scanmarket is responsible for the operation of the hosted services and has procedures in place for:
All data is backed up daily, with one weekly full-backup and daily incremental backups. Database transaction log files are backed up every 15 minutes.
The retention period for backups is 60 days.
Backups are stored in two separate AWS accounts, with completely segregated access, for disaster recovery purposes.
Security
Information Security Management System
Scanmarket runs an extensive Information Security Management System (ISMS) based on the structure of the internationally recognized ISO/IEC 27001:2013. The ISMS is subject to continuous, systematic review and improvement.
Encryption
All data at rest is stored encrypted and all sensitive data is encrypted in the database. Each customer has their own unique encryption key which ensures one customer cannot access another customer’s data.
Data in transit is encrypted for all transactions. All encryption is performed using current industry standards.
Before any change is made in the Scanmarket strategic sourcing platform, the complete change is verified by highly qualified Quality Assurance personnel, ensuring the highest possible stability and security in the application. The security testing includes, but is not limited to, testing against malicious requests and malicious input, including possible cross-site scripting attacks.
Penetration Testing
A yearly penetration test is performed by a qualified third party, and any findings are corrected immediately. The latest summary is available to customers upon request.
Application Security
All database access is performed through the ORM framework or a secure query engine, eliminating the risk of SQL injection attacks.
User input is generally encoded so it can be displayed safely. This protects against cross-site scripting or JavaScript injection attacks. Where the user is able to enter rich text input, the resulting mark-up is sanitized.
All requests are validated for correct rights before data is returned or modified.
Authentication
Scanmarket supports SAML2-based Single Sign-On, allowing your organization to remain in control of the authentication process.
We also offer a regular username & password-based login with the ability to configure password requirements, such as length, complexity and age.
"It's a platform that’s evolved ever since we implemented it. We have had lots of good dialogue with Scanmarket around what could be new interfaces we would like and new features. That means we can sit down and look at how we do things and how we work in the most optimal way."
Like many cloud-based software companies, Scanmarket employs Agile software development methods. Agile methodology is based on iterative, incremental development and enables rapid, flexible response to change.
Agile methods let us take what we learn and steer feature development toward changing customer needs and market demands. Scanmarket’s Platform Development Team is able to deliver updates every 3 weeks, with dozens of new market- and customer-driven features, not simply patches and bug fixes.
The key components of Agile Software Development are:
"The tools are proving to be very successful, and simple to use."
Secure-Coding Practices:
Protecting your data is a constant focus point. Therefore, our Software Development Life Cycle procedures include:
Segregated Environments
Scanmarket has a testing and a staging platform that is 100% disconnected from the live servers, so no customer data is available on the test setup. All new features are tested, first on the test server and then on the staging server, before they are released into production.