dRofus is a CDE/BIM solution that is used on building projects worldwide. We are committed to security and have implemented significant efforts to protect dRofus and our customers' data.
dRofus can be provisioned by one of our two main hosting platforms:
Our standard offering. Hosted by dRofus (SaaS) on our data hosting provider.
|dRofus on-prem||Optional offering for customers with specific compliance or security requirements. Hosted by the customer on their own premises or another third party hosting provider.|
dRofus is based on a client/server architecture with the following main components:
- dRofus client-side application
- dRofus server-side application
- dRofus central database server
dRofus is built with proven technology from large commercial vendors or supported open source software. dRofus software is developed using .Net technology from Microsoft and based upon PostgreSQL database technology. Libraries from open sources are used in the development.
dRofus cloud is currently hosted in six regions world wide. Each region consists of several highly available data centers.
Amazon Web Services
AWS Stockholm region, Sweden
|Europe Central||Amazon Web Services||AWS Frankfurt region, Germany|
|US West||Amazon Web Services|
AWS US West North California region, USA
|US East||Amazon Web Services||AWS US East North Virginia region, USA|
|Canada||Amazon Web Services||AWS Central region, Canada|
|Australia||Amazon Web Services||AWS Sydney region, Australia|
Security governance are the processes that defines and manage cybersecurity.
dRofus has established an information security management system based on the international standard ISO 27001. We also make available a CSA STAR Level 1 Self-assessment upon request.
Our hosting provider, AWS, have rigorous security and compliance programs in place. Their certification and audit portfolio includes ISO 27001, SOC 2, CSA STAR and more. Please refer to AWS compliance programs for detailed information.
We use encryption techniques extensively to protect customer data from unauthorised disclosure.
Encryption in transit
Data between the dRofus client software and browser and server is always encrypted in transit. All communication over open networks use at least the secure TLS 1.2 protocol.
Note: dRofus client application 2.6 and older run on TLS 1.0.
Encryption at rest
All customer data are encrypted at rest with the industry-standard AES-256 algorithm.
All customer data are backed up on a daily basis. Backups are protected and monitored.
We have procedures in place to carry out disaster recovery of dRofus from the latest backup and resume service availability within four hours.
dRofus SaaS is replicated over two separate data centers for high-availability. In the unlikely event of a data center outage we are able to establish dRofus within a short time.
All logon to dRofus databases requires username and password, all being encrypted in transit. When logging on through a browser, the user is issued a token for the duration of the session. Two factor authentication is being made available with dRofus identity and access management or through Single-sign-on with a third party IAM-provider.
Customer users with privileged access can audit and monitor user logins to a database. Additionally, customers can audit all changes to data-objects in a database.
Cybersecurity in dRofus is risk-driven and we are regularly identifying, assessing and mitigating operational security risks.
New patches to all relevant databases, operating systems and software are updated immediately upon release.
We are continuously monitoring our managed services for threats with log collection, analysis and alerting.
Our managed services are scanned for security vulnerabilities on a daily basis and we have processes in place to ensure timely remediation of any findings.
dRofus development- and testing servers are kept in a separate environment from the production environment. Furthermore, customer data do not leave the region it is hosted in for other purposes than customer access.
A database/project is only accessible to the client or whoever they give access to. Only dRofus authorized personnel have access to change the user rights on the database level and only upon a customer request. Only a limited few of our technical personnel have privileged access rights to perform advanced support and to ensure responsible operation of our services.
dRofus is continuously monitored for uptime and performance.
When linking from Revit or ArchiCAD or using local IFC support in the client, the model stays on your computer. If you use our model viewer in the web the IFC files must be uploaded to Catenda servers (BimSync) which is our 3rd party provider for the models. Catenda servers are located in AWS in the Ireland region. It is not possible to have the data in a different region or have this service in house. Customer can opt-out of this functionality.