
Plandisc organisation and programmes

1. Plandisc organisation and programmes - Introduction

This article clarifies questions about the programmes that are used or could be used by Plandisc, and about how Plandisc organises its company in various situations.

2. Questions based on programmes or methods

2.1 Consensus Assessment Initiative Questionnaire (CAIQ)

Plandisc does not currently have a full response to the CAIQ. They are willing to answer any relevant question from the CAIQ.

2.2 Active Directory

Active Directory will need to be exposed to the Internet.

2.3 Account Throttling/Account Lockout

On request, accounts can be locked from Plandisc. Otherwise, Plandisc relies on the account throttling and lockout provided by Azure AD.

2.4 Utilization of Open Standards 

With OAuth 2.0 and OpenID, Plandisc can authenticate accounts provisioned through Azure AD.

2.5 LDAP/LDAPs Access?

Plandisc uses Azure AD.

2.6 Secure Software development

For its own benefit, Plandisc does this as well as it can. It is not certified or similar.

2.7 Authorization and Access Management

Integrated with Azure AD.

2.8 Business Units?

Plandisc is currently not used in other Business Units.

 

3. Questions about API

3.1 Outbound APIs

The web browser is the only way to communicate between the customer and Plandisc. It is possible to use a plug-in for Outlook. You can also interact with Plandisc through two-way synchronization. This feature can be disabled.

3.2 API Encryption

All data is sent over the HTTPS protocol.

3.3 API Documentation

The interaction does not take place through an API, only through the web browser.

3.4 OWASP Top 10

It is hard to provide evidence that this is something that we are working with. We will get back on this one…

3.5 API to fetch or export all MKB data on demand

We need to ensure that we can fetch data which is relevant for us, e.g. for analysis of a future migration.

 

4. Questions about Plandisc organisation

4.1 Segregation of Duties

No documentation is available at this moment. Plandisc can produce some documentation if it is required.

4.2 Auditing and Access Rights Review

Supports audits of rights.

4.3 Supplier Relationship Security Policy (SRSP)

Plandisc has a list of subprocessors, which can be found here: https://mk0plandiscclonj4eof.kinstacdn.com/wp-content/uploads/2020/11/Subprocessor-description-ENG-4-1.pdf