Password retention policy

Documentation – main page

AyMINE – Technical documentation

AyMINE® home page

Modules

Task, project & quality management

About

Activity log

Manager approval with the task report

Timesheet

Why some data can't be deleted

Busines Area

Adminitration of areas, projects, calendars

List of business areas

Manage your marks

Mark patterns

My areas

Region / project / methodology

Business event

Event activation buttons

List of event instances

Change management process in a project

Client Settings

Competencies and Skills

GDPR and record of qualifications

Level of Competence

Qualification of user or contact

Required qualifications

Right to Manage Qualifications

Configuration Package

Deals / Contracts

Decision

Objects of decision making

Variant decision-making

Directives and Policies

Discussion

Drag & Drop between records

Events

Events and meetings

Personal calendar

Task, project & quality management

Administration of the Task Management Module

System rights for the task management module

Information

List of event instances

Location

Meeting

Methodology and Quality Management systems

FMEA

What a methodology / QMS consists of

Obligation

Package definition

Phrases and terms

Plan template / strategy

Problem Resolution Management

8D report – system support

Collaborative Resolution of Multiple Problems

Customer Care Centre

Customer Service Response Generation

Incident and Quality Issue Management

Internal helpdesk

Objects affected by the problem

Problems, Incidents, Helpdesk Tickets

Project

My projects

Project baseline

Project Planning

Project Schedule

Records managed by a project

Return project plan by baseline

Project definition

Project role

Project Team

Records and protocols

Recorded activities

Record template

Reminders and Messages

Self-Reminders

Requirements

Input requirements

Requirements waiting for you

Risk

Risk Pattern

Sample tasks and methodologies of the area

Task

Effect of the task on the right to modify the attached object

Employee Tasks

Kanban Task Overview

My Tasks

Personal Task

Processed objects

Task list

Task Scheduling

Task timelines

Team Member

The person responsible for the task

Test

Type of tests

Working procedure – task definition

Activation buttons

New task assignment

Notification events

Objects related to the task pattern

Starting events

Contacts and directories module (CRM)

About

Address books and contacts

Contact per person or company

Quickly available contacts

Contracts

Partner in a contract

Directory

Directory list and management

Privacy policy

Groups of contacts

Order overview for customer groups

Contacts and directories module (CRM)

System Permissions and CRM Module Settings

Message patterns

Send bulk messages in compliance with GDPR

Bulk email footer

Bulk Emails

How to correctly forget a person's details

Unsubscribe and set preferences
for bulk mail

Web management and automation

About

Basic Service Settings

Store access to a website

Connector for Web Services

Web management and automation

Receiving a message from the web

User documentation for AyMINE

Web Page Description

Web portal

CMS for Large Websites

Website Block

Human resources

About

HR module role

Human resources

Digital Personnel Archive

Personalistics – User Permissions

Human Resources module security

Job Position

Manage department / division data

Overview of Personnel Information for pracov# Employment Contract

Registration of job seekers

Worker

An overview of your staff

Responsible HR Manager

Synchronizing staff and system users

Worker overview

Products, assets and sales

About

Analytical model

Business offer

Offer and Price Access Rights

Offers summaries

Recalculate bid

Products, assets and sales

Pricing

Pricing – volume discounts

Product Categories

Product or Product Property

FMEA – Severity evaluation

Products

HARA for product

Product FMEA

Product status and change

Product Units

Product Supplier

Project Goal

Quality criteria

Quality criteria

Received order for goods or services

Order Reports

Tendering and purchasing

Finance management

About

Budget

Accounted Case

Budget Item

Finance management

Metrics and Measurements

About

Metrics and Measurements

Technical Modules

Sabre plugin module

About

Sabre plugin module

Enterprise Architect connector

About

Database link to Enterprise Architect database

Enterprise Architect connector

System Modules

The AyMINE Framework Module

About

AyMINE – Initial advice

AyMINE — Tips for Mobile Usage

AyMINE — Windows Application

Configure how your system looks and works

Deleting

Drag & Drop between records

Gestures and Keyboard Shortcuts

Icons in the AyMINE system

More about how the system works

Object detail

Object lists

Private notes and tags for objects

Your main dashboard

AyMINE Modules

ClipLink

The AyMINE Framework Module

framework user rights

Overview of Modules and Record Types

Password retention policy

List of records

Filtering in the list of records

{# Object extensions

Object locks

System rights

System Management

About

Bulletin Board

Client items

Clients

Client settings

Crypto Wallet

Discussion

Securing posts and internal discussions

Documents and files

Additional functions with files

Copying and moving files between objects

Files (documents) linked to the object

Picture presentation

Public link to the document

Recent Files

Formatted texts in the application

Gateway settings for external messages

IMP gateway settings for email communication

Internet Call Gateway Settings

System Management

Message with the outside world

Call directly from CRM

Contacts in Email

Email messages

Secure business communication

Send SMS directly from CRM

Object location on the board

Pocketbook

Pocketbook

Record Relationships

Relation types

Role Groups and Teams

User Processes

System Configuration

Processes in use

System User

Connecting users to VOIP PBX

Secure login to the sytem

User administration

Translations

User settings

Colour schemes

Trusted user device

Let us know what you're looking for

Do you prefer to ask us directly?

Call us +420 605 203 938 (the Czech Republic)

or use this contacts

Password retention policy

AyMINE pays great attention to password protection so that the system meets the requirements of the ISO 27002 cryptosecurity standards

General rules apply to all passwords

Global rules

Passwords:

  • Never stored unencrypted.
  • If it is not necessary to use it, algorithms are used that do not allow the password to be determined, only to verify
  • If unencrypted passwords need to be used (typically to authenticate the system to other services, such as communication gateways), the passwords are stored securely outside the encrypted passwords so that it is not possible to obtain both by hacking one system.
  • Passwords are never transmitted through unencrypted channels
  • Internal encryption passwords are never global, but are always related to a specific user and purpose.
  • AES-256 level mechanisms are used as a minimum for encryption.
  • Passwords are stored in such a way that they cannot be retrieved or reconstructed from backups, source codes, or exports (e.g. by dump the database, by hacking the system)
  • All operations in which the password is used are logged. The log is kept so that it can be detected if it is tampered with.

Rules for user passwords

User passwords do not need to be decrypted. Therefore, only control hash codes are kept that make it impossible to retrieve the password in any way. In addition, the system requires the use of a secure password.

Rules for secure password

  • At least 8 characters from two groups:
  • Uppercase letters
  • Lowercase letters
  • Digits
  • Special characters

Rules for password communication

  • The system never sends passwords. It only sends links to pages that allow the password to be changed.
  • The system never allows password changes without a two-factor user check.
  • The system always informs the user if his account is handled by the administrator. It is not possible to change the user's security settings and the user is not informed by the other way (by email). In particular, the administrator has the ability to set a new password for the user, but the user is always informed by email; the administrator has no ability to influence the sending of an information email.

Management Security Rules

The system management is designed in accordance with the requirements of ISO 27002.

Physical Security

  • All physical infrastructure is located in data centre premises complying with the requirements of ISO 27002.
  • Neither the data centre administrator nor anyone else with physical access rights to technical equipment has access codes that would allow access to stored passwords of clients.
  • If the physical devices on which the system is operated, or which store system backups, are used by unauthorised persons, they cannot obtain stored passwords.

System Access Rules

  • All assets on which passwords are managed are under the direct care of the system administrator
  • All access to the infrastructure that processes passwords is managed – access is documented and records who and when accesses the infrastructure are recorded.
  • The system creates an independent password usage log. The log is available to the client on request (from the use of passwords it is possible to track employee data, therefore the log is not freely available).

Code management

  • Code that runs in the perimeter where data is managed is audited and must not leave the administrator's technical resources
  • All code changes are audited
  • The system is secured by technical means to identify code changes.

Manage the passwords themselves

  • Passwords are never transmitted by any physical media
  • The administrator never receives, transmits or processes client passwords – passwords are always entered by the clients themselves and are encrypted immediately after entering them. Therefore, the system administrators never see the clients' passwords, nor can they be in their electronic or other communications. All passwords are entered exclusively in an environment accessed by a worker who knows the passwords.
  • Passwords cannot be displayed by the system to an unauthorised person.
  • Password protection is implemented in a two-tier way - this means that obtaining a first-level password does not allow decrypting stored information, which is encrypted in a second-level password.

Unauthorised access protection

  • System supports access audit and permissions
  • If clients have any passwords on the system, the system requires a two-factor login from all users
  • System logs both user access and unsuccessful access attempts. In case of repeated unauthorised access, the system blocks further attempts.

Standards adhered to

The system meets the requirements to be used by companies meeting the standards:

  • TISAX
  • ISO 20000
  • ISO 27000, namely ISO 27002 (replaced the older ISO/IEC17799 standards years ago)
  • GDPR

You may be interested

System permissions of AyMINE framework
System Permissions of Task Control Module
System Permissions of Order Management Module
System Permissions of Persoalistics Module