There is a well-developed security mind set in and around upKeeper in all parts that form upKeeper and the services it provides. Every change to the product or major change to the environment where upKeeper is expected to produce services are validated from a security perspective and have been handled in that way for years. Security always has the upper hand over feature.
Product lifecycle
Planning
Prior to every new version of upKeeper feature requests are collected and an external analyse of the client management area is performed. Requests that are ranked high by users and are in line with the overall direction of the product and that add value without great limitations are added to the backlog after they been validated from a security perspective. During the development process we catch weaknesses in code and third-party components and add them to the backlog. Confirmed system bugs are also added to de backlog.
Development
To keep the highest quality and security development are done according to best practices with the latest tools and frameworks. Code is reviewed by man and machine before added to the common codebase. Code is stored according to standards set by the industry and backup daily to two different systems. Developers and project leaders are taught according to OWASP recommendation with updates and adjustments every third month.
Testing
Planned testing is done continuously during development and before release. Testing is also done to find and recreate bugs or performance issues. Personnel doing the test are documenting performed tests and eventual deviation that are found. Deviations is reported as bugs and are picked up by the developers that corrects and released as new versions to test.
Implementation
New version of upKeeper is implemented in local environments in consultation with systems experts, that has good knowledge of upKeeper and client management. Before installing a production environment, we plan and see to that the requirements are met. The implementation project is managed by a project manager responsible for project goals and the communication between project participants. More personal resources can, after consultation, be added to reach project goals. upKeeper Solutions has third party consultants in all areas.
Operation
upKeeper Manager can be used from a local installation, from a partner installation or in upKeeper Cloud. If upKeeper Manager is installed locally our used as a service from one of our partners, it is for the mangers of the environment to see to it that the environment is secure and configured according to our recommendation. When using upKeeper Cloud the environment is configured according to best practices with the latest version of upKeeper Manager. upKeeper Cloud is hosted on servers in Sweden with redundant servers, communication, and locations. Server host is ISO 27001 certified.
Support
upKeeper Solutions supports trained personal at our partners. Tickets from our partners is registered in a customer support system and resources are assigned and we have escalation routine in place. Tickets are normally handled thru mail communication. In some cases, contact thru phone our video call will used to solve tickets faster and easier. All support is given in a way to teach.
Maintenance
upKeeper Manager is release I two major version per year which is a guarantee for a high security level based on current situation and external analyse. Installations of upKeeper Manager should be upgraded with latest version within six (6) months of release date. Upgrading upKeeper Manager is done in steps where everything starts with the server components and ends with the clients. upKeeper Manager clients should be upgraded to latest version within twelve (12) months of release date. Upgrading will guarantee less bugs, higher availability, and higher security. upKeeper Cloud is upgraded within two (2) weeks of the release date.
Comments
0 comments
Please sign in to leave a comment.