Security Policy

Security is paramount for online systems. AlchemyWorks regularly review systems, current threats and best practices for secure operations. Methodologies include, but are not limited to;

SSL - Systems are accessed via encrypted SSL connections, ensuring server identity and protection from man-in-the-middle attacks. AlchemyWorks software will refuse to operate unless a valid SSL connection is present.

Passwords - Each user is allocated a unique ID and password which can only be used for one concurrent service connection. Password strength can be determined by the administrator, relevent to a particular clearance level, and is stored as a salted SHA256 hash. Passwords are never sent across email, and reset is by means of a randomly generated time limited token.

Cookies - Session cookies consist only of random data and contain no user or identification information. They are also regularly rotated during activity and are normally deleted at end of a browser session. It is possible to store a user cookie that contains the account domain and user name for ease of login, however this should not be enabled on any shared or public computer.

Encryption - The document management system individually encrypts all documents, and they are stored separately from the main database.

Secure Environment - Servers are in a physically secure environment, with access protected by firewall. Support and administration systems cannot be accessed directly across the Internet.

Intrusion Detection - Systems actively monitor and log common vectors of attack for analysis and investigation.


Copyright © 2017 AlchemyWorks - All Rights Reserved. [Terms] [Cookies] [Privacy] [Security] [Sitemap]