1. Plandisc organisation and programmes - Introduction
This article focuses on clarifying questions about the programmes that are used, or could be used, by Plandisc, and on how Plandisc organises its company in various situations.
2. Questions based on programmes or methods
2.1 Consensus Assessment Initiative Questionnaire (CAIQ)
Plandisc does not currently have a full response on the CAIQ. They are willing to answer any relevant question from the CAIQ.
2.2 Active Directory
Active Directory will need to be exposed to the Internet.
2.3 Account Throttling/Account Lockout
On request, accounts can be locked by Plandisc. Otherwise Plandisc relies on the account throttling and lockout provided by Azure AD.
2.4 Utilization of Open Standards
With OAuth 2.0 and OpenID, Plandisc can authenticate accounts provisioned through Azure AD.
2.5 LDAP/LDAPs Access?
Uses Azure AD
2.6 Secure Software development
For its own benefit, Plandisc follows secure development practices as well as it can. It is not certified or otherwise formally assessed.
2.7 Authorization and Access Management
Azure AD integrated
2.8 Business Units?
Plandisc is currently not used in other Business Units.
3. Questions about API
3.1 Outbound APIs
The web browser is the only way to communicate between the customer and Plandisc. A plug-in for Outlook is available, and you can also interact with Plandisc through two-way synchronization. This feature can be disabled.
3.2 API Encryption
All data is sent over HTTPS.
3.3 API Documentation
The interaction does not go through an API, only through the web browser.
3.4 OWASP Top 10
Hard to provide evidence that this is something that we are working with. We will get back on this one…
3.5 API to fetch or export all MKB data on demand
We need to ensure that we can fetch the data which is relevant for us, e.g. for analysis of a future migration.
4. Questions about Plandisc organisation
4.1 Segregation of Duties
No documentation is available at the moment. Documentation can be produced if required.
4.2 Auditing and Access Rights Review
Audits of access rights are supported.
4.3 Supplier Relationship Security Policy (SRSP)
Plandisc has a list of subprocessors, which can be found here: https://mk0plandiscclonj4eof.kinstacdn.com/wp-content/uploads/2020/11/Subprocessor-description-ENG-4-1.pdf