top of page
Search
  • Soterweb

5 Questions you should ask your CAFM provider...?

Updated: Mar 18, 2022

Computer-aided facility management (CAFM) software is essential in driving maintenance management efficiencies, meeting regulatory requirements and store facilities management and asset-related data all on one, easy to access platform.

Although the data held in CAFM systems isn’t usually individuals data, such as bank account details, the data does tend to be commercially sensitive and therefore is still appealing to hackers which in turn would impact your business. At Soterweb we know your data must be protected and we believe it is important for you, the user to know how we are keeping your data safe and secure. 1. Do they conduct regular penetration testing?

As a minimum your CAFM provider should conduct penetration tests against their platform on an annual basis. We are proud to say at Soterweb, we have passed and continue to pass the Penetration tests executed by external specialist ‘white-hate’ hackers. All of our tests also come with a detailed report to see where, even when we pass, we can improve to see ensure optimum protection for you, our clients. 2. Is your sensitive data being encrypted ?

We understand the importance of protected sensitive data which is why we like to group our data by utilising encryption and hashing. Encryption is a two-way process meaning it can be reversed. It’s useful for storing sensitive items, such as access to customers’ external systems, but we understand that it should not be used to store passwords

Alternatively, Soterweb uses Hashing to store data such as passwords. Hashing is a security mechanism whereby a set of one-way mathematical calculations transform a plain text password into seemingly random characters. This prevents anyone from seeing the original text, which makes it ideal for storing passwords. By hashing passwords, even if somebody were to infiltrate the system, your login details would remain hidden and therefore extremely secure. 3. Do they use salting as well as hashing?

At Soterweb we want to be the best and take that extra step to ensure your data is safe. As well as ‘hashing’, we also perform ‘salting’. ‘Salting’ provides an additional layer of protection by appending random text to the end of your password, then hashing the entire string of characters. Salting prevents the use of ‘rainbow tables’ (a pre-computed list of commonly used passwords) which could unscramble passwords and use them to gain access to multiple user accounts. 4. Do they follow OWASP and have an internal secure coding process? Software developers should ensure the use of secure coding within their applications. Soterweb’s developers have implemented the use of Open Web Application Security Project (OWASP) which is one of the most important tools for developers to ensure they don’t fall foul of the biggest coding risks. This provides a continuously updated list of the largest threats and risks – all of which are rooted in coding mistakes – according to the industry. 5. What quality control measures are implemented before new code goes into the product? At Soterweb our quality assurance and control measures are of the upmost importance to us. Every product change, no matter how incremental, is checked by at least one other senior developer before inclusion in the main branch of the platform. These five questions are essential is deciding a CAFM system operator. As well as this, the national standards relating to GDPR compliance and ISO 27001 certification or that they are working to the ISO standards are paramount. Soterweb operates according to all of the above and is proud to do so.

7 views0 comments
bottom of page