Our rules

Security

Following these simple steps should ensure that data stays secure:

Hardware:

  1. Always encrypt your hard drive. In Ubuntu use full-disk encryption, in OSX use FileVault.
  2. Do not connect to public WiFi. Never. Anywhere.

    • if you need internet access, take the company’s 3G router
    • if it’s not possible, use your mobile as a 3G hotspot and just ask for a refund for using mobile data
  3. If possible, have Bluetooth turned off. Always have Bluetooth turned off when you’re not in the office or at home.

  4. Always have your mobile secured by PIN (Hello, Captain Obvious!)

  5. If you’re using Google Authenticator on your mobile, ensure that accessing your mobile phone data is not possible without the password

    • make sure that after 10 tries it will auto-wipe
    • ensure that no one can read text messages on your phone without providing the password first (turn off text-message notifications on the lock screen)

Software:

  1. Two-factor authentication (2FA) must be turned on wherever this is possible; ensure that you have turned it on for GSuite, GitHub, Bitbucket, GitLab and other services we’re using on a daily basis.
  2. Your computer must have auto-lock turned on, the suggested timeout is 1 minute. Every team member caught leaving his computer unlocked is obliged to buy doughnuts for the office as penalty compensation.
  3. Use a secure password manager, e.g. KeePassXC
  4. Use GPG to sign your mail

    • on OSX you can use either Thunderbird or GPG Suite with Mail.app. MailMate also has nice support for GPG
    • GnuPG is most likely installed on Linux, if you’re using one
  5. Use your GPG key to sign your commits
  6. Never send credentials / API keys / etc. in plain text
  7. To share files within the company, use the intranet and the shared hard drive. To share files with clients, use an S3 bucket and signed links (with an expiry set to max 24h)

ISO 27001: Information Security Management at Prograils

In December 2019 Prograils received the ISO 27001 certificate (no. IS 718906). The certificate confirms that our operations in the field of designing, building and developing IT systems, web & mobile applications, as well as consulting, are in line with the information security standard ISO 27001:2013, and that we have created and implemented our own Information Security Management System.

Long story short: any information, from source code to user data at Prograils is strictly protected and confidential. The ISO 27001 certification is unbiased proof that software development at Prograils is done according to the highest standards.

If you want to read the Prograils Information Security Policy, get in touch with us.
