What Are The Hosting Options You Propose?
The Terranoha service can be hosted in public or private cloud and is running on the physical hardware in single tenant mode.
Can We Download And/Or Move Data At Any Time?
Terranoha can provide full audit trail around the software via reports or API with additional fees. Besides, we can send reports about infrastructure with additional cost once the customer ‘s needs are defined.
How Is History Stored?
All historical data is stored under a database real-time cluster behind a firewall and protected from the direct access by IP security.
What Is Your Information Security Program To Safeguard Data & Systems Against Cyber Threats?
All sensitive data is secured by firewalls using strict rules and are stored on isolated networks.
All devices are protected by access-lists and filters to prevent unauthorised access.
What Are Your Backup Policies & Procedures, Including RTO & RPO Commitments?
- The database is been replicating Realtime continuously.
- Technical logs are backup every day.
- The failover takes over and awake the sleeping server.
- Our service uses a principle of fallback to check the first IP responding.
- Restoring time is 15 min.
How Do You Ensure Data Security When Individuals Are Executing Transactions Or Viewing Sensitive Data Remotely Via A Mobile Device?
The Terranoha service has an independent (secondary) authentication procedure that ensures all access right within the application calls apart of the used the third-party software to reach the service.
Do You Provide A 2FA (Two-Factors Authentication) Method?
Yes, we can implement 2FA , by methods provided by your access authorisation provider.
Can This Be Automatically Enforced Based On The Users’ Profile And Authorization Level?
Yes it can be enforced if security provider rules applied on customer profile.
Are Access Logs Maintained By User Identification And What Is Contained On Them?
Yes, they are; the access logs contain the following information on date/time, personalization, source.
Is Data-In-Transit Encrypted?
All transit data is encrypted with RSA (2048-bit RSA key) TLS v1.2 minimum.
What Is Your Security Policy To Ensure Proper Policies And Procedures Are In Place To Protect Data?
We do not store sensible data about clients but Key reference.
Any other kind of information is kept within secure, and password protected storages behind a firewall and are accessible only by authorized person.
How Your System Supports Role-Based Access Controls To Ensure People Have The Appropriate Access To Data Based On Primary Organizational Roles?
We have an access right matrix that is applicable by role but that might be customized by attributes. Our model is based on Role-centric RBAC-A security model.
How Are Audit Reports & Logs Stored?
Log are stored on disk (brut or via DB) for 10 years but archived every 48h.
How Do You Secure Those Logs To Prevent Data Tampering & Data Destruction?
The audit reports and logs storage are distributed between multiple types such as database and log files. The database storage protected by the IP security and only authorized person can access it on top of it. The log files are archived automatically on the daily basis and stored in a secured place protected by the authorized access security.
What third-party providers do you currently have a “standard” interface with?
We have most all the usual suspects (Tier1 banks) (Tiers 1 software providers)(Tiers 1 exchange)
What is the architecture/tools/process we would need to follow to complete to interface to a third-party system which you do not have a standard interface for
In this case Terranoha will request ROE + UAT to implement its TNA Plugin service.
What APIs does TNA support?
Terranoha provides JSON and FIX protocol.
What is the process to access the database for data query/extraction?
It is not possible to access any kind of data stored in the database directly, but it is possible to access it through public API only.
Do you support custom interfaces?
Yes, Terranoha does. This is the goal of our plugin service.
What is your solution’s ability to integrate bi-directionally with additional programs in an automatic way?
There is no automatic way. However, Terranoha has its own proprietary framework to implement any bidirectional custom communication channel.
Does your solution allow outside authentication mechanism?
Yes. The Terranoha service is integrated with MS LDAP or AD and ADFS .
Is it possible to perform Single Sign-On authentication with client' s Active Directory?
Yes. The Terranoha service can perform SSO with both Azure and on-premise AD via msal4j library.
Can users’ permissions be verified using custom Active Directory groups and/or attributes?
Terranoha is capable to make a verification of custom access permissions only.