Application Development – Product Security
The 27k1 ISMS is a Line of Business application (LOB). The system is installed with Microsoft’s multi-layered security architecture.
Microsoft LOB applications offer several security advantages over traditional, downloadable apps:
- There are no .msi or .exe file types for malware to contaminate or clone.
- The app will not install unless a valid security certificate is assigned to it by 27k1 Ltd. This ensures that the application is from a trusted source.
- 27k1 use GlobalSign’s Certification Services - https://www.globalsign.com/ to provide validated certification.
- LOB apps reside in an isolated area within the computer, this is called “Sand Boxing”. The app is not allowed to communicate outside this sand boxed area unless a prompt is provided to the user. File exporting and importing is a good example.
- When the app is uninstalled, all components of the app are removed leaving no file remnants.
Additional security assurances:
- The application is developed in a secure, 2 tier firewall environment.
- Detailed development and deployment procedures are used to ensure maximum reliability.
- Commercial anti-virus software scans the development files on a real-time basis.
- Source code is encrypted and backed-up on a regular basis and stored in out of office locations.
- Before publication, EVERY version is tested using the “Microsoft App Certification Tool”:
https://docs.microsoft.com/en-us/previous-versions/windows/apps/jj657973(v=win.10)?redirectedfrom=MSDN – Open this link and refer to the Windows 10 column and the “Tests for Windows Store app certification” section. These tests are applied to the 27k1 ISMS software.
- Occasionally Microsoft issue .NET security updates. These security updates are deployed within the 27k1 ISMS application within 14 days of issue.
27k1 Ltd rigorously test new features, however software is extremely complex and from time to time, bug fixes may be issued to ensure the platform is resilient and conforming to design.
To further help app resilience, 27k1 Ltd uses the CryptoLens API which anonymously records any application crashes, which are monitored and the fixes implemented as required.
Development and Programming Oversight:
27k1 Ltd's principles are to carry out all system development and coding in the UK, the code is written in C#.