Your security is very important to us! Here is a summary of what we do every day to guarantee that your data is safe with ERP4 and that we apply best security practices on our hosted version, the ERP4 Online cloud.
Backups / Disaster Recovery
- We keep 14 full backups of each ERP4 instance for up to 3 months: 1/day for 7 days, 1/week for 4 weeks, 1/month for 3 months
- Backups are replicated in at least 3 different locations
- You can contact our Helpdesk to restore any of those backups on your live database (or on the side)
- Hardware failover: for services hosted on bare metal, where hardware failure is possible, we implement local hot standby replication, with monitoring and a manual failover procedure that takes less than 15 minutes
- Disaster recovery: in case of complete disaster, with a data center entirely down for an extended period, preventing the failover to our local hot-standby (never happened so far, this is the worst-case plan), we have the following objectives:
  - RPO (Recovery Point Objective) = 24h. This means you can lose at most 24h of work if the data cannot be recovered and we need to restore your latest daily backup.
  - RTO (Recovery Time Objective) = 8h. This is the time to restore the service in a different data center if a disaster occurs and a data center is completely down.
  - How is this accomplished: we actively monitor our daily backups, and they are replicated in multiple locations. We have automated provisioning to deploy our services in a new hosting location in less than 30 minutes. Restoring the data based on our backups of the previous day can then be done in a few hours (for the largest clusters), with priority on the paid subscriptions.
We routinely use both the daily backups and provisioning scripts for daily operations, so both parts of the disaster recovery procedure are tested all the time.
- Customer data is stored in a dedicated database – no sharing of data between clients
- Data access control rules implement complete isolation between customer databases running on the same cluster; no access is possible from one database to another
- Customer passwords are protected with industry-standard PBKDF2+SHA512 hashing (salted + stretched for thousands of rounds)
- ERP4 staff does not have access to your password and cannot retrieve it for you; the only option if you lose it is to reset it
- Login credentials are always transmitted securely over HTTPS
- ERP4 helpdesk staff may sign into your account to access settings related to your support issue. For this they use their own special staff credentials, not your password (which they have no way to know)
- This special staff access improves efficiency and security: they can immediately reproduce the problem you are seeing, you never need to share your password, and we can audit and control staff actions separately!
- Our Helpdesk staff strives to respect your privacy as much as possible, and only accesses files and settings needed to diagnose and resolve your issue
- All ERP4 online servers are running hardened Linux distributions with up-to-date security patches
- Installations are ad-hoc and minimal to limit the number of services that could contain vulnerabilities (no PHP/MySQL stack for example)
- Only a few trusted ERP4 engineers have clearance to remotely manage the servers – and access is only possible using SSH key pairs (password authentication disallowed)
- Firewalls and intrusion counter-measures help prevent unauthorized access
- Automatic Distributed Denial of Service (DDoS) mitigation is implemented in EU and US data centers, and coming soon in Asia
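The salted, stretched PBKDF2+SHA512 password storage described in the list above, as an added example (not ERP4's own code). The iteration count, the `$`-separated storage format and the rehash-on-login flag are assumptions made for this sketch; the page only states "thousands of rounds".

```python
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha512"  # label kept with each hash (assumed storage format)
ITERATIONS = 210_000         # assumed work factor, not a value from the page
SALT_BYTES = 16              # fresh random salt per password


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Derive a salted PBKDF2-HMAC-SHA512 hash; only this string is stored."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> tuple[bool, bool]:
    """Return (is_valid, needs_rehash) for a login attempt.

    needs_rehash is True when the password is correct but the stored hash
    used fewer rounds than the current ITERATIONS, so it can be upgraded
    while the plaintext is briefly available at login.
    """
    try:
        algorithm, iter_s, salt_hex, digest_hex = stored.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False, False  # malformed record: reject, never raise to the caller
    if algorithm != ALGORITHM or iterations < 1:
        return False, False
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    ok = hmac.compare_digest(candidate, expected)
    return ok, ok and iterations < ITERATIONS
```

Because only the salt and the derived digest are stored, the original password cannot be read back from the record, which is why a lost password can only be reset.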
ERP4 Online servers are hosted in trusted data centers in various regions of the world (e.g. OVH, Google Cloud), and they must all exceed our physical security criteria:
- Restricted perimeter, physically accessed by authorized data center employees only
- Physical access control with security badges or biometric security
- Security cameras monitoring the data center locations 24/7
- Security personnel on site 24/7
Credit Card Safety
- When you sign up for a paid ERP4 Online subscription, we do not store your credit card information
- Your credit card information is only transmitted securely between you and our PCI-Compliant payment acquirers: PayPal (even for recurring subscriptions)
- All web connections to client instances are protected with state-of-the-art 256-bit SSL encryption
- Our servers are kept under a strict security watch, and always patched against the latest SSL vulnerabilities, enjoying Grade A SSL ratings at all times.
- All our SSL certificates use robust 1024- and 2048-bit moduli with full SHA-1 and SHA-2 certificate chains
The ERP4 codebase is continuously under examination. Community bug reports are therefore one important source of feedback regarding security. We encourage developers to audit the code and report security issues.
The ERP4 R&D processes have code review steps that include security aspects, for new and contributed pieces of code.
Secure by design
ERP4 is designed in a way that prevents introducing most common security vulnerabilities:
- SQL injections are prevented by the use of a higher-level API that does not require manual SQL queries
- XSS attacks are prevented by the use of a high-level templating system that automatically escapes injected data
- The framework prevents RPC access to private methods, making it harder to introduce exploitable vulnerabilities
Reporting Security Vulnerabilities
If you need to report a security vulnerability, please head over to our contact page. These reports are treated with high priority: the problem is immediately assessed and solved by the ERP4 security team, in collaboration with the reporter, and then disclosed in a responsible manner to ERP4 customers and users.