Security & Compliance
      Back to home
      1. Support Center
      2. Security & Compliance

      What is D&M's Security Framework?

      Security is D&M's absolute top priority - now we can´t tell you all but here are some highlights.

      1. All communication between servers and browsers is encrypted
      2. We use app registration for office365
      3. We use SSL, TLS 1.3
      4. Our VPN is based on OpenVPN due to its transparency and quality
      5. All data is encrypted in transit and at rest
      6. We continually monitor for abnormalities
      7. We scan for known vulnerabilities in both custom code and commercial applications.
      8. We are ISAE 3000 and 3402 certified.

       

      image-png-Mar-14-2024-10-18-01-7164-AM

      - dataflow for Microsoft - flow model for other data sources available upon request to: support@dataandmore.com

      Please note:
      1. The Data Responsible keeps control of access to the  Microsoft 365 data

      2. The Data Responsible keeps control of the scope of the Microsoft 365 data

      3. Transport of data between the Compliance Server and Microsoft 365 is encrypted using TLS 1.3

      4. The Data Responsible can at any time revoke access, and all data will be deleted in the Compliance Server within 72 hours

      Standard Security Framework (SSF)

      D&M have developed a high-security framework for monitoring, accessing, updating and maintaining the DMCSs. An abstract of the framework can be made available to enterprise customers on a need-to-know basis and presupposes an NDA. Part of the framework consists of layered VPN connections with point-to-point access as well as a number of other monitoring and encryption services. The technology used for VPN is OpenVPN, which provides transparency in implementation and highly stable encryption. The organizational aspect of the D&M SF is covered in the ISAE 3000 and ISAE 3042


      Custom Security Framework (CSF)

      For some enterprise customers, the D&M Standard security framework is not compatible with the enterprise policies. In such cases, D&M can accept the Custom Security Framework - as long as it does not compromise any of D&M's security policies. Any access to the DMCS other than D&M Point-to-Point OpenVPN connections will require a CSF clearance by D&M Security. This includes access to customer data via services such as  RDB, Citrix, and GlobalConnect. Any customer that requires a CSF must obtain both a Premium and a CSF subscription on the DMCS.

       

      ISAE 3402 Black ISAE 3000 Black