Issuetrak Security

We understand how important security and reliability are when it comes to keeping your business operations safe and always running. That’s why Issuetrak is loaded with built-in security measures that address a variety of vulnerabilities common to web-based applications.

Learn more

Cloud Security

Application Security

Reporting Security Concerns

gdpr

ccpa

Cloud reliability, security, and infrastructure

Reliability and security are important aspects of any successful business. As a business partner, Issuetrak values the data and security of our customers.

We leverage world-class hosting facilities provided by Amazon Web Services to deliver the best possible web experience to our customers.

Have questions about security?

Can't find something in our documentation? Shoot us an email and we'll respond as soon as possible.

Need more details about privacy?

Privacy is very important to us. If you'd like to learn more about how we handle privacy, reach out and let us know.

Support Documents? We got 'em.

If you need documentation during your compliance or prospecting journey, we'll send you everything you need.

Security deep dive? Trust is key!

If you want to look deeper into how we've integrated security into Issuetrak, our Trust Center is a fantastic resource.

SOC 2 Certified

SOC 2 is a security framework that specifies how organizations should protect customer data from unauthorized access, security incidents, and other vulnerabilities.

Compliance with SOC requirements indicates that an organization maintains a high level of information security. Strict compliance requirements, tested through on-site audits and independent vendor assessments, can help ensure sensitive information is handled responsibly.

Cloud security measures provided by Issuetrak

Issuetrak Cloud operates in AWS infrastructure, one of the most flexible and secure cloud computing environments available. Additionally, security is central to how we manage and maintain our cloud environment.

: Physical access is routinely audited

Authorized employees are challenged with two-factor authentication

Around-the-clock interior and exterior surveillance

Intrusion detection systems

Secure site selection, redundancy, availability, and capacity planning

Unmarked facilities to help maintain a low profile

Physical security audited by an independent firm
: Network Traffic isolation

Each function is isolated to a different subnet

Nonconformant network traffic is rejected

Customer traffic is managed separately from administrative traffic

Network Access Control Lists (NACL) are used in conjunction with security groups

Virtual Private Network (VPN) configured for support and maintenance access

Distributed Denial of Service (DDoS) protection

Automatic inline attack mitigations
: Application service and status monitoring

Server vital statistic monitoring (CPU, Memory, Disk, Network)

SQL Server Severity alerts

Windows Event monitoring and auditing

System Auditing

Single-tenant databases per customer

Secure Socket Layer (SSL) encryption enforced

SSL Protocol / Cipher Suite testing and remediation

Monitoring/security information restricted to limited authorized personnel

Server event auditing

Dynamic Data Masking

CloudWatch - Securely logs for compliance and retention with targeted alerting

Security logging and analysis via AWS CloudTrail

Monitoring and auditing configuration via AWS Config

Resource and application maintenance via AWS System Manager

Configuration best practices and AWS recommendations continuously applied as provided by AWS Trusted Advisor

Environment configuration compliance to CIS AWS Foundations Benchmark and AWS Foundational Security Best Practices with AWS Security Hub

Vulnerability scanning via AWS Inspector

Access for authorized personnel managed via AWS Identity and Access Management (IAM)

Two-factor authentication required for all AWS resources

Adherence to CIS AWS Foundations

Isolated network in AWS Virtual Private Cloud

Network traffic controlled via AWS Security Groups and Network Access Control Lists

Monthly third-party vulnerability testing and auditing
: Physical database integrity checks every night

Logical database integrity checks every week

Update database statistics every night

Reorganize fragmented database indexes every night

Antivirus scanning continuously
: Our Disaster Recovery (DR) plan relies upon infrastructure-as-code automation deployment

Recovery Time Objective (RTO) within 4 hours and Recovery Point Objective (RPO) within 6 hours

Daily Elastic Block Storage (EBS) snapshots backed by Amazon Simple Storage Service (S3)

Encryption at rest and in transit

Encrypted full database backups are taken daily and transferred to an encrypted S3 bucket

Encrypted transaction log database backups are taken and transferred to S3 every 15 minutes

Encrypted AMI's and Snapshots backed up in AWS secure datacenters
: Data centers are fed power via different grids from independent utilities

N+1 redundant UPS power subsystem with on-site generators

N+1 redundant HVAC system
Advanced fire detection and suppression systems

Leakage Detection

Multiple network paths with multiple service providers

Regularly exceeds 99.96% uptime

Issuetrak Application Security

Our dedication to security extends deep into the application. Better still, our built-in security precautions are virtually invisible to your users, ensuring no impact on the user experience.

: Cross-Site Scripting (XSS) Protection

Encrypted UserIDs in HTTP Requests (POST)

Ability to disable Form Caching (optional)

Prevents hackers from accessing cached form field values

Blocks multiple users sharing a workstation from seeing cached form field values entered by other users

Secure Client-Side Cookies

Click-jacking Prevention and Security Measures (optional)

Built in SQL Injection Prevention

Cross-Site Referencing Forgery (CSRF) Security Measures (optional)

Use of an HTTP-Only attribute on cookies ensures client-side scripting cannot access the cookies.

On deployments that utilize TLS, only specific third-party HTTP requests (such as CSS and fonts) are whitelisted and allowed in the product.

HTTP Strict Transport Security (HSTS) - Forces TLS communication between server and browser is TLS configuration is present and valid

HTTP request verbs are limited to POST and GET for the main Issuetrak deployment, while also allowing PUT on the API deployment

HTTP request strings containing less-than (<) or greater-than (>) signs are denied.

A Feature-Policy HTTP response header is in place to deny client-side access to unused browser features

Content-Type HTTP requests are limited to 100 bytes

Deployments utilizing SSL/TLS have a URL rewrite deployed for redirecting HTTP traffic to the proper HTTPS binding

Sub-Resource Integrity (SRI) is implemented to verify that resources are delivered without unexpected manipulation.

Every stylesheet reference in the product uses absolute URLs instead of relative URLs to prevent a Path-relative stylesheet import (PRSSI) vulnerability.

Application-based Session Timeout configuration
: Roles and permissions – More than 55 permissions focused on access control

Configuration options to segment access and visibility via Organizations, Departments, or Groups

Private data fields accessible only by permission

Issue Audit logging

Configuration auditing and logging (Admin Auditing)

Restricted Searching and Reporting capabilities

Customizable Password Policy

Password Self Service

Configurable Password Complexity

Application user account passwords are secure with the NIST-recommended PBKDF-2 function, with an iteration count that exceeds current recommended standards, and that continues to increase automatically as time progresses.

Password reset emails have a configurable validity period from 1 to 168 hours.

For each new password stored, a new, cryptographically random 64-byte salt is generated and supplied to the function along with the plaintext password.

The hash used in the function is SHA-512.

Password hashes are retained only as long as the site administrator has configured, and plaintext passwords are never sent to the database.

Passwords for connecting to external servers (such as mail servers and Active Directory servers) are encrypted with AES-256 in CTR mode using HMAC for authentication, using the SHA-384 algorithm.

Keys are generated as sets of cryptographically random 32-bytes.

During use, these keys are stored as DPAPI-encrypted nodes within the ASP.NET website’s “web.config” file.

All encryption libraries used are professionally audited.
: Database Encryption provided through the SQL Server’s Data Encryption capabilities

Supports usage of an SSL/TLS to encrypt network traffic

Database Connection String Encryption via DPAPI (Data Protection Application Programming Interface) – DPAPI is a cryptographic application programming interface available as a built-in component in Microsoft Windows operating systems.

Encrypted Core and Service connection strings

Support for Integrated Security connection to SQL Server
: Security auditing via network and application penetration testing

Vulnerability analysis and application scanning

Code assessment via analysis tools and peer reviews

Agile workflows for quick identification and resolution of vulnerabilities

Regular updates are released, ensuring customers the latest application and security innovation

Continuing education and security training for all employees
: Encrypt all data exchanged between your Active Directory (AD) and Issuetrak servers using the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) option.

Requires valid LDAP over SSL (LDAPS) certificate installed on your Domain Controller (DC)

Requires DNS and port settings configured within your network

Requires AD module and AD server settings configured within Issuetrak application (supports multiple domains)

Compatible with Common Access Cards (CAC) and Smart Cards to control Issuetrak users' access and information

Single Sign-On

Secure User provisioning

Encrypt all data exchanged between Active Directory (AD), Active Directory Federation Services (ADFS), and Issuetrak servers using the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) option.

ADFS connectivity via OAUTH2

Customizable claims and user mapping

Requires valid configuration and for certificate installed of ADFS

Requires DNS and port settings configured within your network

Requires AD module and ADFS server settings configured within Issuetrak application (supports multiple domains)

Reporting security questions or concerns

Issuetrak aims to keep its product and services safe for everyone, and data security is our utmost priority. If you are a security researcher and have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

We ask that you keep your findings confidential and do not share or publicize an unresolved vulnerability with/to third parties. If you submit a vulnerability report, the Issuetrak security team and associated development teams will use reasonable efforts to:

Respond in a timely manner, acknowledging receipt of your vulnerability report
Investigate the reported issue and provide feedback
Seek your guidance in identifying or replicating the reported issue
Let you know when the vulnerability you've identified has been fixed

Please contact us at security@issuetrak.com with any relevant information so we can investigate security issues immediately.

Looking for more?

Want to see the latest release notes? Our Help Center has all the details on our latest update plus all past versions of Issuetrak. Stop by and discover what you might be missing.

View Release Notes

Product Overview

Product Roadmap

Implementation

Submit tickets from anywhere

Issue Hub

Round Robin Issue Assignment

Task flows

Knowledge Base

Asset Management

Try a free demo

Integrations

Help Desk

Customer Support

Complaint Management

Start-ups

Small/Medium

Enterprise

Education

Finance

Government

Healthcare

Manufacturing

Nonprofit