OneMore Secure and its affiliates respect your security and privacy. We place great importance on protecting the data in our services. This security measures statement describes your rights to privacy and our commitment to protecting your personal data. All major privacy decisions at OneMore Secure are made at management level.
Who we are
"OneMore Secure" means OneMore Secure AB, which is a Swedish-registered company (Org nr 559389-1764).
OneMore Secure helps businesses throughout Europe become better at Cyber Security. The company develops and sells digital products as "Supply Chain Security". OneMore Secure was founded in 2022 and has an office in Stockholm, Sweden.
Application stack
Our application relies on a well-established stack of technologies to deliver robust performance and security:
ASP.NET MVC: This framework provides a structured approach to building web applications, allowing for efficient development and maintenance.
ASP.NET: ASP.NET is used for web forms and dynamic web applications, contributing to the interactive elements of our system.
MSSQL: We utilize Microsoft SQL Server for data storage and retrieval, ensuring data integrity and reliability.
Multi-Factor Authentication (MFA)
Our application incorporates Multi-Factor Authentication (MFA) to bolster user account security. One of the MFA methods employed is Microsoft or Google Authenticator, which requires users to provide a one-time code in addition to their password for authentication. This adds an extra layer of protection against unauthorized access.
HTTPS (SSL/TLS) for Secure Communication
To secure data during transit, we use HTTPS (SSL/TLS). This cryptographic protocol ensures that data exchanged between the user's browser and our servers remains encrypted and protected from eavesdropping.
Database Encryption for Data-at-Rest Security
We take data security seriously and employ database encryption to protect data at rest. This means that even if someone gains access to our database, the data will remain encrypted and unreadable without the proper decryption keys.
Encryption: SHA256 on data in transit and AES256 on data at rest.
HTTP Security Headers
Our application leverages various HTTP security headers to enhance security:
Content-Security-Policy: This header defines the content sources allowed for our web pages, mitigating the risk of cross-site scripting (XSS) attacks.
Strict-Transport-Security: By enforcing HTTPS, we prevent man-in-the-middle attacks and secure communications between the client and server.
X-Content-Type-Options: This header prevents browsers from interpreting files as something other than what the declared content type states, reducing the risk of certain attacks.
Referrer-Policy: This header controls what information is included in the Referer header when navigating from one page to another.
Permissions-Policy: We specify permissions for various browser features, ensuring a higher level of control over how our application interacts with the user's device.
X-Frame-Options: This header helps prevent clickjacking attacks by specifying whether a browser should be allowed to render a page in a frame, iframe, embed, or object.
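A customer or auditor can verify the six headers listed above from the outside. The following is an added example, not OneMore Secure's own code or configuration: it audits a raw HTTP response head, and the pass criteria (such as the minimum HSTS max-age) and the sample response are assumptions constructed for illustration.

```python
import re

# Pass criteria below are assumptions for this example, not a published policy.
MIN_HSTS_MAX_AGE = 15552000  # 180 days, an assumed minimum

def parse_headers(raw):
    # Parse a raw HTTP response head into {lowercased-name: value}.
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def check_csp(v):
    if "unsafe-inline" in v or "unsafe-eval" in v:
        return "weak: allows unsafe-inline/unsafe-eval"
    return "ok" if ("default-src" in v or "script-src" in v) else "weak: no script source restriction"

def check_hsts(v):
    m = re.search(r"max-age=(\d+)", v, re.I)
    if not m:
        return "weak: no max-age"
    return "ok" if int(m.group(1)) >= MIN_HSTS_MAX_AGE else "weak: max-age too short"

CHECKS = {
    "content-security-policy": check_csp,
    "strict-transport-security": check_hsts,
    "x-content-type-options": lambda v: "ok" if v.lower() == "nosniff" else "weak: expected nosniff",
    "referrer-policy": lambda v: "weak: leaks full URL" if v.lower() == "unsafe-url" else "ok",
    "permissions-policy": lambda v: "ok" if v else "weak: empty policy",
    "x-frame-options": lambda v: "ok" if v.upper() in ("DENY", "SAMEORIGIN") else "weak: unknown value",
}

def audit(raw):
    # Return a finding ("ok", "weak: ...", or "missing") for each listed header.
    headers = parse_headers(raw)
    return {name: (check(headers[name]) if name in headers else "missing")
            for name, check in CHECKS.items()}

# Constructed sample response head (not captured from any real server).
SAMPLE = """HTTP/1.1 200 OK
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Strict-Transport-Security: max-age=3600
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: DENY
"""
```

Calling audit(SAMPLE) reports the permissive CSP, the short HSTS lifetime and the absent Permissions-Policy header, while the remaining three headers pass.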
Deployment Architecture
Our application is deployed on Azure, a Microsoft cloud platform. Azure provides scalability, reliability, and security, which are crucial for our system's performance.
Virtual Machine (VM) in Azure
o Operating system: Windows Server 2019 Datacenter
o Location: Sweden Central
o The virtual server can only be accessed from whitelisted IP addresses
Certification
OneMore Secure is certified according to SSF 1101 Cybersecurity. The certificate is valid until 2026-10-22.
Additional information
For more about the Data Protection Agreement, see OneMore Secure's DPA.
For more about Terms & Conditions, see OneMore Secure's Terms & Conditions.
This is how you contact us
Feel free to contact us if you have any questions about our privacy policy: