Security policies

Data security measures Copied

Capacity Planner has implemented a systematic approach to keep your data safe.

The following security measures are in place:

Network Copied

We separate our Internet-facing systems from our other servers, and we use IPSec security technology to link our servers together in the private network. IPSec ensures each data packet is authenticated and encrypted when servers communicate with each other.

Browser security Copied

When you access Capacity Planner, your browser displays a secure padlock indicating that Capacity Planner is a secure site. This means that all data transmitted between your browser and our servers is encrypted.

Capacity Planner uses the strongest browser encryption products available to protect your data. We use 128 bit SSL Comodo High Assurance Secure Server Certificate Authority including RSA as the key exchange mechanism.

User authentication Copied

When you sign up to Capacity Planner, we verify your email address to uniquely identify you. If you forget your password, we will send you an email to reset it.

We ask you to use a password that is likely to be longer and more complex than your corporate standard because it makes it harder to crack.

It is worth remembering that a minimum length of 10 characters increases the number of attempts needed for a successful brute force attack from 958 (for an 8 character password) to 9510, making our password system nearly ten-thousand times stronger.

Your password is only ever stored in one place on our system and it is hashed and salted. We do not know it nor will we ever ask you to give it to us.

Application security Copied

Your data is only ever stored in our production environment and, for a limited time, in the backup files we take of those systems.

Our server’s file systems and databases are encrypted using 256 bit Windows EFS.

All the encryption keys are stored in a restricted and secure area external to the Capacity Planner systems.

We have processes in place to restrict our access to your data including strict audit trails. We only ever look at your data if you give us permission to do so through a support request.

Managing threats and vulnerabilities Copied

Following good industry best practice, we do the following:

Information we store about you Copied

The only data about you that we can access and store is your registration data (typically just a user name). This is necessary so that we can support you if you have any requirements to contact us.

Furthermore, we store and we can access any correspondence between us and you. This includes support tickets raised, and purchases including invoices. But please note we do not store payment data (for example, credit card numbers) in any of our systems.

What is not secure Copied

Once data is in your browser it is not encrypted (data is only encrypted during transportation). We also cannot protect information that you may store locally on your systems (for example, reports). This is your responsibility.

Data sensitivity Copied

In forming a judgement as to whether you regard our security as sufficient for your business, you should consider how sensitive the data is that you intend to send to us.

The data we process for you is related to your infrastructure and infrastructure performance. It is unlikely that this reduced data will contain commercial or personal data, and as such will, in most businesses, be regarded as very low risk.

However, as a policy, we treat all your data as confidential and we have put in place security measures to protect it. Even if you classify your data as sensitive we hope you will agree our security measures are strong enough to use our services.

Contact Copied

We feel we have done everything we should to protect your data and to give you the information you need to make an informed decision about Capacity Planner security.

If you require further detail to satisfy your security concerns, please contact your account representative. We have a number of security papers available which will allow you to make a fully informed assessment of our security measures.

["Capacity Planner"] ["User Guide"]

Was this topic helpful?