Security

WorkSavi places the security and confidentiality of our customers' data in the highest regard and employs the following measures of protection.

Securing your Data

All customer data is hosted on Amazon Web Services (AWS) infrastructure. AWS gives our customers the control and confidence needed to run their businesses securely on a flexible, well-secured cloud computing environment.

Our customers benefit from AWS data centres and a network architected to protect their information, identities, applications and devices, and from AWS services and features that help meet core security and compliance requirements such as data locality, protection and confidentiality.

WorkSavi retains full control over where your data is stored and who can access it.

Data Centre Security

AWS operates a robust physical security programme backed by multiple certifications, including SSAE 16 (since superseded by SSAE 18, whose results are published as a SOC 1 report). For more information on Amazon's physical security processes, see aws.amazon.com/security.

Application Level Security

  • Robust Authentication system

WorkSavi's application is built on Laravel and uses its authentication system, which is organised around “guards” and “providers”. A guard defines how a user is authenticated on each request (for example, by a session cookie or an API token); a provider defines how that user's record is retrieved from persistent storage, typically the database.

  • Reduce Vulnerabilities From CSRF (Cross Site Request Forgery)

The application protects state-changing requests with CSRF tokens: each form carries a token tied to the user's session, and requests that do not present a valid token are rejected, so a third-party site cannot forge requests on behalf of a logged-in user.
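The synchronizer-token pattern described above, as an added illustration that is not WorkSavi's own code: the session is modelled as a plain array and the three requests are constructed inline, so the script runs from the command line without a web server. The function names and the `_token` field name are assumptions for this example (Laravel happens to use the same field name, but nothing here depends on Laravel).

```php
<?php
// Added illustration of the synchronizer-token pattern for CSRF protection.
// Not WorkSavi's code: the session is a plain array and the requests below are
// constructed so that the script runs stand-alone.

/** Return the session's CSRF token, generating a 256-bit random one on first use. */
function csrfToken(array &$session): string
{
    if (empty($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(32));
    }
    return $session['_token'];
}

/** Hidden input to embed in every state-changing form the application renders. */
function csrfField(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="_token" value="' . $token . '">';
}

/**
 * Decide whether a request may proceed. Safe methods change no state and are
 * allowed; anything else must present the token held in the user's session.
 */
function csrfPasses(array $session, string $method, array $post): bool
{
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    if (empty($session['_token']) || !isset($post['_token']) || !is_string($post['_token'])) {
        return false;
    }
    // Constant-time comparison: an ordinary == would leak the token through timing.
    return hash_equals($session['_token'], $post['_token']);
}

// --- constructed scenario ---------------------------------------------------
$session = [];                    // the victim's server-side session
$form = csrfField($session);      // the token is rendered into the legitimate form
preg_match('/value="([0-9a-f]+)"/', $form, $m);
$legit = ['task' => 'Close project', '_token' => $m[1]];

// A third-party page can make the victim's browser POST (cookies included), but
// it cannot read the victim's page, so it cannot learn the token.
$forgedNoToken = ['task' => 'Close project'];
$forgedGuessed = ['task' => 'Close project', '_token' => bin2hex(random_bytes(32))];

printf("legitimate POST      : %s\n", csrfPasses($session, 'POST', $legit) ? 'allowed' : 'rejected');
printf("forged, no token     : %s\n", csrfPasses($session, 'POST', $forgedNoToken) ? 'allowed' : 'rejected');
printf("forged, guessed token: %s\n", csrfPasses($session, 'POST', $forgedGuessed) ? 'allowed' : 'rejected');
printf("read-only GET        : %s\n", csrfPasses($session, 'GET', []) ? 'allowed' : 'rejected');
```

Only the legitimate POST and the read-only GET are allowed; both forged requests are rejected. Two points the code makes that the prose does not: the comparison must be constant-time (`hash_equals`), and safe methods must genuinely be side-effect free, otherwise a GET that changes state bypasses the check entirely. Marking the session cookie `SameSite=Lax` or `Strict` is a worthwhile second layer but does not replace the token.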

  • SQL Injection

Database access goes through the Eloquent ORM, which issues queries using PDO parameter binding: user-supplied values are sent to the database separately from the query text, so a client cannot alter the structure or intent of a query. This protection covers bound values only; query fragments built by string concatenation (raw expressions) are not protected and must never include untrusted input.
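The difference between string-built SQL and PDO parameter binding, as an added illustration that is not WorkSavi's or Eloquent's code: it uses an in-memory SQLite database (the `pdo_sqlite` extension, enabled in most PHP builds) and two constructed user rows so that it runs stand-alone. The table, rows and function names are assumptions for this example.

```php
<?php
// Added illustration of SQL injection against string-built SQL versus PDO
// parameter binding. Not WorkSavi's code: the database, table and rows are
// constructed here so the script runs stand-alone.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (email) VALUES ('alice@example.com'), ('bob@example.com')");

/** VULNERABLE: the caller's string becomes part of the SQL text. */
function findUserUnsafe(PDO $pdo, string $email): array
{
    $sql = "SELECT id, email FROM users WHERE email = '$email'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** SAFE: the query text is fixed; the value travels separately as a bound parameter. */
function findUserBound(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$normal  = 'alice@example.com';
$payload = "' OR '1'='1";   // classic tautology payload, constructed for the demo

printf("unsafe, normal input: %d row(s)\n", count(findUserUnsafe($pdo, $normal)));
printf("unsafe, payload     : %d row(s)\n", count(findUserUnsafe($pdo, $payload)));
printf("bound,  normal input: %d row(s)\n", count(findUserBound($pdo, $normal)));
printf("bound,  payload     : %d row(s)\n", count(findUserBound($pdo, $payload)));
```

With the normal input both functions return one row. With the payload the unsafe query becomes `WHERE email = '' OR '1'='1'` and returns every user, while the bound query looks for a user whose address is literally `' OR '1'='1` and returns none. In Eloquent the same hazard reappears wherever a raw fragment is interpolated, for example `whereRaw("email = '$email'")`; pass untrusted values through the builder's bindings instead.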

Security in the Software Development Lifecycle

WorkSavi uses the git revision control system. Every change to the code base runs through a suite of automated tests and a round of manual code review. Changes that pass are deployed first to a staging server, where WorkSavi employees test them before they are pushed to production and reach our customers. Particularly sensitive changes and features receive an additional security review. Our engineers can also “cherry pick” critical fixes and push them to production immediately.

Monitor and Backup

Every time you update anything in WorkSavi, your input is encrypted and replicated to multiple data centre availability zones: data is written to multiple disks immediately, backed up daily and stored in multiple locations. Files you upload are stored on servers designed to avoid bottlenecks and single points of failure. Redundant hosting means you get prompt access wherever you are, and our systems are engineered to stay up even if multiple servers fail.

WorkSavi has access to the data and actionable insights needed to monitor its infrastructure:

  • Respond to system wide performance changes
  • Optimise resource utilisation
  • Get a unified view of operational health

WorkSavi uses a fully managed backup service to centralise and automate backups of data across all of its platforms and infrastructure:

  • Daily backups, retained for 30 days
  • Configurable backup policies
  • Monitoring of backup activity
  • Encrypted backups

Monitor | Modify | Restore

Every interaction you have with WorkSavi is encrypted using HTTPS (TLS), so whenever your data is in transit between you and us it is encrypted. Files you upload are encrypted at rest. Project data (comments, tasks and allocations) is encrypted at the database level with AES-256, and our backups of your data are also encrypted with AES-256.
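What AES-256 encryption of a single record looks like when applied at the application layer, as an added illustration. It is not WorkSavi's code and does not describe the database-level encryption the page refers to; it uses AES-256 in GCM mode so that tampering is detected, not just concealed. The key, record, row identifier and function names are assumptions for this example.

```php
<?php
// Added illustration of AES-256-GCM applied to a record before it is written
// to storage. Not WorkSavi's code: key, record and row id are constructed here.

const CIPHER  = 'aes-256-gcm';
const TAG_LEN = 16;

/** Returns base64(iv || tag || ciphertext). $aad binds the ciphertext to its context (e.g. a row id). */
function encryptRecord(string $plaintext, string $key, string $aad): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 requires a 32-byte key');
    }
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh per record; a repeated IV breaks GCM
    $tag = '';
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return base64_encode($iv . $tag . $ct);
}

/** Returns the plaintext, or null when the blob, key or context fails authentication. */
function decryptRecord(string $blob, string $key, string $aad): ?string
{
    $raw   = base64_decode($blob, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + TAG_LEN) {
        return null;
    }
    $iv  = substr($raw, 0, $ivLen);
    $tag = substr($raw, $ivLen, TAG_LEN);
    $ct  = substr($raw, $ivLen + TAG_LEN);
    $pt  = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
    return $pt === false ? null : $pt;
}

// --- constructed scenario ---------------------------------------------------
$key    = random_bytes(32); // in production: from a KMS or secret store, never stored beside the data
$record = json_encode(['task' => 'Prepare Q3 report', 'assignee' => 'alice']);
$blob   = encryptRecord($record, $key, 'task:42');

$roundTrip = decryptRecord($blob, $key, 'task:42');
$movedRow  = decryptRecord($blob, $key, 'task:43');   // same bytes copied into another row

$raw = base64_decode($blob);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 0x01); // flip one ciphertext bit
$tampered = decryptRecord(base64_encode($raw), $key, 'task:42');

printf("round trip: %s\n", $roundTrip === $record ? 'ok' : 'FAILED');
printf("moved row : %s\n", $movedRow === null ? 'rejected' : 'ACCEPTED');
printf("tampered  : %s\n", $tampered === null ? 'rejected' : 'ACCEPTED');
```

The round trip succeeds, while the copied and the bit-flipped ciphertexts are both rejected. The two practitioner points here are the per-record random IV (reusing one under the same key is catastrophic for GCM) and the additional authenticated data, which stops an attacker with database write access from swapping encrypted values between rows. Encryption at rest of this kind protects stored data; it does not protect against an application account that is authorised to decrypt.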

WorkSavi cyber security best practices and security policies

WorkSavi employees follow in-house security policies covering the areas below:

  • Firewalls
  • Physical security precautions
  • Email threats
  • Two-factor authentication (2FA)
  • SSH-only access to servers
  • Safe password practices
  • Installation of anti-malware software
  • Unsecured devices

In June, WorkSavi had a Well-Architected Framework Review (WAFR) carried out by an external AWS-approved consultancy. Findings were highlighted and the recommendations were implemented. We hold regular reviews of our architecture and infrastructure covering:

  • Operational Excellence
  • Security
  • Reliability and back-up
  • Performance Efficiency
  • Cost Optimisation

Stripe Payment

WorkSavi uses Stripe’s products to power payments for all online transactions.

Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1, the most stringent level of certification available in the payments industry. To accomplish this, Stripe uses best-in-class security tools and practices to maintain a high level of security.

Stripe forces HTTPS for all services using TLS, including its public website and the Dashboard.

  • Stripe.js is served only over TLS
  • Stripe’s official libraries connect to Stripe’s servers over TLS and verify TLS certificates on each connection

Stripe regularly audits the details of its implementation: the certificates it serves, the certificate authorities it uses and the ciphers it supports. Stripe uses HSTS to ensure browsers interact with Stripe only over HTTPS.

Encryption of sensitive data and communication

All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).

GDPR – General Data Protection Regulation

Compliance with international law and regulations is very important to us. The GDPR (General Data Protection Regulation) is an essential piece of legislation designed to strengthen and unify data protection law for all individuals within the European Union. We fully support the GDPR; you can read more in our Privacy Policy.