Assetti application is made with our own dedicated in house team of professionals. We have a wide array of precautions in Assetti to ensure that the data you entrust to us, is safe in our hands.

Technical security

Our application gives you many options to manage your and your users’ security such as:

– Secure communication is enforced via site-wide HTTPS
– Strict user password rules (Minimum length of 10 characters, at least one uppercase character and one number required).
– Optionally a SAML-based single sign-on (SSO) system.
– Role-based access control.
– Property and Portfolio based access control.

In addition to this, the following techniques are employed to mitigate any possible security issues:

– Datacenter DDOS protection.
– Full datacenter redundancy, no single point of failure.
– Regular tests against external forces.
– Inbuilt backup function in addition to automatic backups.

Organizational security

Our internal network is compartmentalized. All our employees use two-factor authentication to access company data. Only the authorized administrators can access the production environments, using unique SSH-keys.

All our employees receive mandatory training from our security team. Only a certain set of authorized employees can access customer data. This only happens when absolutely necessary, with customer consent. All employees are required to sign a document of non-disclosure.

We have created internal InfoSec device policies that are applied on installation and regularly audited. These policies are reviewed and updated in the monthly security review, where we continue to maintain and improve our security.

Access control

Assetti has strong built-in access control functionalities. Assetti customers can set the rights and privileges of each and every user on individual properties and tabs. All of these functionalities are used to control access for the information.

We have made it as easy as possible for Assetti users to create access rights for external partners. Access rights are possible to be managed based on different preferences, such as groups and roles.

For example, if an Assetti customer wants to share data in Assetti with any external partners, e.g. a valuator, it is easy to give access for the user and set user rights. In this case, when the valuator logs into Assetti, he or she can only see one property even though the customer has multiple properties in Assetti.

We’re here for you

If you have any questions regarding your privacy with using Assetti, you can contact us at infosec@assetti.pro.