ISOPlanner is a Microsoft 365 extension that operationalizes compliance.
Our software is designed to request the most limited access to customer resources to achieve a seamless integrated experience. We are continuously mindful of our customer’s privacy and limit access to all customer data on a need to know basis internally.
ISOPlanner applies best security practices retaining a minimal amount of customer data and operating with the fewest privileges necessary to provide a great experience to all users.
The ISOPlanner application and its data is hosted in Microsoft Azure.
Microsoft designs and manages the Azure infrastructure to meet a broad set of international and industry-specific compliance standards, such as
- ISO 27001,
- SOC 1, and
- SOC 2.
It also meets country- or region-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS. Rigorous third-party audits, such as those done by the British Standards Institute, verify adherence to the strict security controls these standards mandate.
For a full list of compliance standards that Azure adheres to, see the compliance offerings.
Microsoft 365 integration
ISOPlanner has access to certain data of the organization of the customer through the Microsoft Graph API. These data will not be transmitted over public internet and instead remain in the Microsoft cloud.
From accessed data, ISOPlanner only stores a copy of the name and email address of users. These can be deleted in the application.
- All connections from the browser to ISOPlanner are encrypted in transit using TLS SHA-256 with RSA Encryption.
- All data is encrypted at rest
For ISOPlanner, single sign-on comes as default since only Microsoft 365 accounts are used to access the application. That means that the account is also protected by any MFA that is activated for users’ Microsoft 365 accounts.
Backups of Azure SQL-databases are made according to the standard Microsoft pattern.
SQL Databases as well as SQL Managed Instances use SQL Server-technology to create a full backup every week, differential backups every 12-24 hours and transaction log backups every 5 to 10 minutes.