General Security Principles
The following principles are fundamental to using any application securely.
Keep Software Up To Date
One of the principles of good security practice is to keep all software versions and patches up to date. This applies to add-on services and other integration applications connecting to SuiteProjects Pro as well as operating systems and browser technology.
In the specific case of Web Browser support, the following four browsers are supported in accordance with the vendor support policy: Google Chrome (most current major stable channel release), Mozilla Firefox (most current major ESR version and above, in production only), Apple Safari (most current major production release and one prior release), and Microsoft Edge (latest major version of Microsoft Edge Chromium). Other versions may continue to work with SuiteProjects Pro but are not officially supported. Microsoft Explorer 11 is no longer supported.
|
Operating System |
Chrome |
Firefox |
Microsoft Edge |
Safari |
|---|---|---|---|---|
|
macOS |
Supported |
Supported |
— |
Supported |
|
Windows |
Supported |
Supported |
Supported |
Not Supported |
Follow the Principle of Least Privilege
The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. Over ambitious granting of responsibilities, roles, grants, etc., especially early on in an organization’s life cycle when people are few and work needs to be done quickly, often leaves a system wide open for abuse. User privileges should be reviewed periodically to determine relevance to current job responsibilities.
When an employee leaves, immediately remove their access to SuiteProjects Pro.
Separation of Duties
Beyond limiting user privilege level, you also limit user duties, or the specific jobs they can perform with SuiteProjects Pro. No user should be given responsibility for more than one related function. This limits the ability of a user to perform a malicious action and then cover up that action. For example, you may not want the same user or role to be responsible for both entering a transaction (timesheet, expense report, or invoice, for example) and approving that transaction.
Monitor System Activity
System security stands on three legs: good security protocols, proper system configuration and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow audit advice in this document and regularly monitor audit records.
Keep Up To Date on Latest Security Information
SuiteProjects Pro continually improves its software and documentation. Advance customer notifications will be sent by email regarding any changes impacting system infrastructure or security. These Announcements will also be posted to the SuiteProjects Pro User Group.