We are independently audited against ISO 9001 and ISO 27001 for our quality and cyber security continuous improvement processses - SkyHigh Networks have also recently risk-assessed the Industrial App Store.

We don't store or transmit credit card data, so are not required to be PCI compliant, we have no equity or debt in the US SEC, so are not required to be SOX compliant. We believe we operate to a standard above ISO 27001 and have an audit to verify that we meet this standard.

Penetration tests are performed annually - any security problems are reported and fixed as soon as possible.

Azure, Microsoft.

Currently: Azure - Europe (Dublin) - may extend to other continents at a later date.

Service network is Azure hosted and not a business connected network, we allow only trusted IP addresses to connect for maintenance. The Industrial App Store is designed to allow data to flow without having full network access for clients and for us as well.

We do not store any login credentials in the Industrial App Store. Instead, we delegate all authentication to trusted external providers such as the Microsoft Identity Platform.

We use role-based access control (RBAC) to manage access to client data; RBAC rules are defined and stored using the App Store Connect that resides on the client's network rather than centrally on the Industrial App Store.

We use a consent-based model to grant access to client data. An app can only request data from a given source if the calling user has been granted access through RBAC rules, and also if the user has granted the app delegated permission to access a given source on their behalf.

We use a strongly-typed query API that does not allow direct execution of e.g. raw SQL queries. Drivers are designed to ensure that translation from the query API model to a driver-specific query use security features such as parameterised SQL queries.

Azure AD, 2FA is down to the domain administration as it is SSO.

It has to be. We'd also advise clients to do this as quickly as possible to prevent staff members from beginning to sign in to the Industrial App Store with non-company accounts.

Domain administrators can control who can sign into the Industrial App Store via standard Azure AD configuration.

User access to data is managed through App Store Connect local configuration.

Applications can access data on behalf of a user only if the user has consented to this.

Industrial App Store:

User - can sign into Industrial App Store apps and use data sources that they have been granted permission to access.

Developer - can manage registration settings for Industrial App Store apps published by their organisation.

Organisation Administrator - can grant or restrict access to Industrial App Store apps to users and user groups within their organisation, and configure trust settings for their organisation.

Global Administrator - as above, but can manage any organisation. This role is restricted to approved Intelligent Plant employees.

App Store Connect:

Read - can read data from an assigned data source.

Write Tag Values - can write tag values to an assigned data source (if supported and enabled by the data source driver).

Write Tag Annotations - can write tag annotations to an assigned data source (if supported and enabled by the data source driver).

Configure Tags - can create/update/delete tag definitions on an assigned data source (if supported and enabled by the data source driver).

Configure Script Tags - can create/update/delete dynamic calculation tags for a data source. The query API only allows configuration via pre-installed calculation templates, and does not allow configuration of ad hoc calculations.

Administrator - can create/update/delete data source configuration. Management of data sources is only possible locally on the App Store Connect machine.

The system does not store any user passwords by design.

Microsft AD provides this, along with the App Store Connect Configuration.

Handled by Domain Policy as Azure AD integrated.

The Industrial App Store does not store any passwords.

When configuring a data source connection on an App Store Connect, sensitive settings are encrypted locally on the machine using the Windows Data Protection API, using the Local Machine scope and driver-specific entropy to ensure that the sensitive information cannot be decrypted externally to the machine that it was encrypted on.

Credentials are protected based on the policies of the 3rd party vendors that the App Store Connect is interfacing with.

N/A.

Yes. However, some apps which are meant to be non-interactive will automatically refresh a session (for instance a graphic that is displayed on a non-user PC).
Additionally, some apps may request "offline access" to data. These apps are able to refresh access tokens without user interaction (typically apps that perform continuous monitoring of data). Apps that request offline access are clearly marked when the user signs in. An app's data source permissions can be revoked at any time.

The system require JavaScript and HTML5.

Logged in Active Directory.

Audit is available in App Store Connect log for all customer data requests - this is on the customer to review, or to organise a review.

Configuration changes on the Industrial App Store (e.g. assignment of a user to a group, changes in organisation trust settings) are recorded and visible to Organisation Administrator users for the affected organisation.

Dynamic calculation tags record metadata such as the identity of the creator, last modified, and the date and time that the calculations was created or last modified at.

Data source configuration changes on an App Store Connect fall under the purview of the organisation's own IT change management, since these must be performed locally on the App Store Connect machine.

There is a log of Applications access and Spending of credits for audit purposes.

Organisation-specific audit trails on the Industrial App Store are protected by role-based access control and can only be viewed by users who are in the Organisation Administrator role for the organisation, or are in the Global Administrator role (i.e. selected Intelligent Plant employees).

Industrial App Store logs are only available to selected Intelligent Plant employees.

App Store Connect logs reside on the App Store Connect machine and are protected by the IT access policies of the organisation.

HTTPS encryption from End-to-End.

Storage at Client site - so Client managed.

Yes, strong encryption (for passwords for data access), no proprietary encryption algorithms are used.

HTTPS certificates are issued to appstore.intelligentplant.com and managed by Intelligent Plant.

Potentially - where access to an unencrypted data source is added (eg. Modbus) at site. Encryption is always performed on all traffic between App Store Connect and the App Store.

Port 433 from App Store Connect to the App Store, Port 433 from any client to the Industrial App Store, data source specific ports from App Store Connect to client datastores.

If this is talking about the potential for the likes of SQL injection, then yes.

No.

Any malicious code in an external app would only be able to read data that it was given access to - as such, these are sandboxed to prevent malicious code being able to harm the client network.

We have a continuous build process with automated testing and a bug reporting mechanism where the user or person who reports the bug is able to hold it open or close it.

We utilise Azure backup and restore and test this frequently.

They are physically separated as the data is stored on the client infrastructure. Data for a single customer could be produced, if that client were currently connected to the App Store and had shared that data with us.