We at Tasktop understand the importance of security to our customers and work hard to ensure that data security and privacy are top considerations in all of our business processes. This page outlines some of the ways Tasktop protects your information in Tasktop Cloud products: Integration Hub and Viz. Tasktop’s comprehensive information security program addresses policies and processes, people, and technologies to ensure we meet our security objectives.
Tasktop Integration Hub Cloud Architecture
Tasktop Hub page: https://www.tasktop.com/hub
Tasktop Integration Hub Cloud connects software delivery systems to empower teams, enhance communication, and improve the process of software development as a whole. Customers access and configure their instance of the Tasktop Integration Hub Cloud using a browser.
Tasktop Viz Architecture
Tasktop Viz page: https://www.tasktop.com/viz
Tasktop Viz is a turnkey solution for implementing the Flow Framework®, a lean and prescriptive framework for shifting from project to product. Viz provides near real-time multi-source metrics dashboards per product value stream with zero coding and zero change to workflows. Viz connects to Customers' software development related tools as well as other information sources (as configured by the Customer), and collects the data needed for value stream metrics analysis.
Viz is a SaaS application with a multi-tenant architecture.
Tasktop uses the Amazon AWS IaaS platform for secure hosting infrastructure. Amazon AWS is a premier infrastructure-as-a-service provider with extensive security certifications and audited controls. For details on AWS certifications and accreditation, please visit https://aws.amazon.com/security/.
Tasktop has established a dedicated environment for our Cloud hosting that is secured and segregated from our corporate network. Tasktop applies strict access control to our production Cloud environment and only allows access to select Tasktop personnel on a need-to-know basis. Access is enforced through multi-factor authentication mechanisms. Our Cloud operations personnel undergo background checks and have active non-disclosure agreements.
Tasktop encrypts customer information while at rest and when transmitted over the Internet. All browser connections are encrypted using TLS. All connections from the on-prem Viz Agent (if used) to the Viz Cloud backend are encrypted using TLS.
All data at rest is encrypted using standard AWS capabilities. Security critical information, such as repository credentials, is additionally encrypted in the database using per-customer keys.
Tasktop enforces logical segregation for each customer’s data within our environment. Tasktop maintains strict controls over access to our customer data. We will only access specific customer data if it is required to provide the service (for example, if the customer opens a support ticket and Tasktop needs such access to resolve it).
Tasktop’s Cloud architecture is built to be resilient and is aligned with our service level targets. Tasktop has established data backup and restore procedures that are tested on a regular basis.
Tasktop has adopted robust secure development practices based on industry standards. We provide our engineers with regular security training, and perform security code reviews.
Tasktop has implemented extensive automated testing to ensure ongoing quality of our service.
Tasktop employs static and dynamic code scanning as part of our development process to proactively identify potential security issues. All scan results are reviewed, triaged, and appropriately resolved if deemed applicable.
Tasktop has established a number of security testing processes. Tasktop conducts regular vulnerability scanning using commercially available and open source tools.
Tasktop also conducts penetration testing through a third party partner on an annual basis.
Any issues identified through vulnerability scanning and penetration testing are resolved in a timely manner in accordance with the assessed risk level.
Tasktop maintains a Security Incident Response Plan (SIRP) that defines our process to deal with security issues. Our SIRP establishes roles and responsibilities during a security incident, escalation paths and requirements, and customer notification requirements.
Tasktop keeps the plan up-to-date, conducts regular reviews and incident simulation sessions, and ensures relevant staff are trained.
Certifications and Compliance
Tasktop’s Hub and Viz SaaS products are SOC 2 certified. You can request a recent copy of our confidential SOC 2 audit report by contacting your account manager, or by emailing security (at) tasktop.com.
Tasktop monitors the regulatory environment and ensures Tasktop is compliant with all applicable regulatory requirements and standards. In particular, we have analyzed our services and implemented appropriate technological and organizational measures to comply with GDPR.
All Tasktop Integration Hub Cloud infrastructure is hosted in Amazon AWS in data centers that are SOC 2, ISO 27001, ISO 27017, and ISO 27018 certified. You can find more information about AWS compliance and certifications here: https://aws.amazon.com/compliance/programs/
To be able to provide top tier service, we employ several providers (suppliers), such as Amazon AWS. To ensure our supply chain is up to our standards with regard to security, Tasktop proactively monitors our suppliers’ security stance on an ongoing basis. You can find the full list of Tasktop’s sub-processors here: https://www.tasktop.com/tasktop-sub-processors
As our customer, you also play an important role in securing your information.
While Tasktop is responsible for providing you with a secure platform, you are responsible for using the platform in a secure manner. In particular:
- You must ensure that you have industry standard user management processes to secure access to Tasktop Integration Hub Cloud. This process should include deprovisioning access when no longer needed.
- You must ensure that your users maintain appropriate password security. As with any Internet-based service, security of your user accounts is vital. We in turn help by enforcing a minimum password length of 12 characters.
- When connecting Tasktop Cloud applications to your repositories, you must ensure that you do so in accordance with your company's security policies. This would usually include:
  - Enabling encryption for all of your repository connections.
  - Provisioning service accounts in your repositories that are dedicated to the Tasktop Cloud application(s), have strong passwords, and are configured following the principle of least privilege and in accordance with the minimal permissions documented in our Connector Documentation.
Tasktop’s security experts are available to answer any questions you may have. You can reach us at security (at) tasktop.com.