Additional Security Measures
OneMore Secure and its affiliates respect your security and privacy. We place great importance on protecting the data in our services. This security measures describes your rights to privacy and our commitment to protecting your personal data. All major privacy decisions at OneMore Secure are made at management level.
"OneMore Secure” means OneMore Secure AB which is a Swedish registered company (Org nr 559389-1764).
OneMore Secure helps businesses throughout Europe become better at Cyber Security. The company develops and sells digital products as "Supply Chain Security". OneMore Secure was founded in 2022 and has an office in Stockholm, Sweden.
Application stack
Our application relies on a well-established stack of technologies to deliver robust performance and security:
Asp.net MVC: This framework provides a structured approach to building web applications, allowing for efficient development and maintenance.
Asp.net: Asp.net is used for web forms and dynamic web applications, contributing to the interactive elements of our system.
MSSQL: We utilize Microsoft SQL Server for data storage and retrieval, ensuring data integrity and reliability.
Multi-Factor Authentication (MFA)
Our application incorporates Multi-Factor Authentication (MFA) to bolster user account security. One of the MFA methods employed is Microsoft or Google Authenticator, which requires users to provide a one-time code in addition to their password for authentication. This adds an extra layer of protection against unauthorized access.
HTTPS (SSL/TLS) for Secure Communication
To secure data during transit, we use HTTPS (SSL/TLS). This cryptographic protocol ensures that data exchanged between the user's browser and our servers remains encrypted and protected from eavesdropping.
Database Encryption for Data-at-Rest Security
We take data security seriously and employ database encryption to protect data at rest. This means that even if someone gains access to our database, the data will remain encrypted and unreadable without the proper decryption keys.
Encryption: SHA256 on data in transit and AES256 on data at rest.
HTTP Security Headers
Our application leverages various HTTP security headers to enhance security:
Content-Security-Policy: This header defines the content sources allowed for our web pages, mitigating the risk of cross-site scripting (XSS) attacks.
Strict-Transport-Security: By enforcing HTTPS, we prevent man-in-the-middle attacks and secure communications between the client and server.
X-Content-Type-Options: This header prevents browsers from interpreting files as something else than declared by the content type, reducing the risk of certain attacks.
Referrer-Policy: This header controls what information is included in the Referrer header when navigating from one page to another.
Permissions-Policy: We specify permissions for various browser features, ensuring a higher level of control over how our application interacts with the user's device.
X-Frame-Options: This header helps prevent clickjacking attacks by specifying whether a browser should be allowed to render a page in a frame, iframe, embed, or object.
Deployment Architecture
Our application is deployed on Azure, a Microsoft cloud platform. Azure provides scalability, reliability, and security, which are crucial for our system's performance.
Virtual Machine (VM) in Azure
o Operating system: Windows Server 2019 Datacenter
o Location: Sweden Central
o The virtual server can only be accessed from whitelisted IP addresses
Certification
OneMore Secure is certified according to SSF 1101 Cybersecurity. The certificate is valid until 2026-10-22.
Additional information
For more about Data Protection Agreement, see OneMore Secures DPA.
For more about Terms & conditions, see OneMore Secures Terms & Conditions.
Feel free to contact us if you have any questions about our privacy policy:
Email to support@onemoresecure.com
For further contact details, visit our website www.onemoresecure.com
This site was last updated 2025-01-22.