dRofus is a CDE/BIM solution that is used on building projects worldwide. We are committed to security and have implemented significant efforts to protect dRofus and our customers' data.
Hosting platforms
dRofus can be provisioned by one of our two main hosting platforms:
| Platform | Description |
|---|---|
| dRofus SaaS | Our standard offering. Hosted by dRofus (SaaS) on our data hosting provider. |
| dRofus on-prem | Optional offering for customers with specific compliance or security requirements. Hosted by the customer on their own premises or another third party hosting provider. |
Architecture
dRofus is based on a client/server architecture with the following main components:
- dRofus client-side application
- dRofus server-side application
- dRofus central database server
dRofus is built with proven technology from large commercial vendors or supported open source software. dRofus software is developed using .Net technology from Microsoft and based upon PostgreSQL database technology. Libraries from open sources are used in the development.
Hosting provider
dRofus cloud is currently hosted in multiple regions world wide. Each region consists of several highly available data centers.
| Region | Hosting provider | Location |
|---|---|---|
| Europe North | Amazon Web Services | AWS Stockholm region, Sweden |
| Europe West | Amazon Web Services | AWS London Region, UK |
| Europe Central | Amazon Web Services | AWS Frankfurt region, Germany |
| US West | Amazon Web Services | AWS US West North California region, USA |
| US East | Amazon Web Services | AWS US East North Virginia region, USA |
| Canada | Amazon Web Services | AWS Central region, Canada |
| Australia | Amazon Web Services | AWS Sydney region, Australia |
| Japan | Amazon Web Services | AWS Tokyo region, Japan |
Security governance
Security governance are the processes that defines and manage cybersecurity.
dRofus
dRofus is ISO 27001 certified. We also make available a CSA STAR Level 1 Self-assessment upon request.
Hosting provider
Our hosting provider, AWS, have rigorous security and compliance programs in place. Their certification and audit portfolio includes ISO 27001, SOC 2, CSA STAR and more. Please refer to AWS compliance programs for detailed information.
Encryption
We use encryption techniques extensively to protect customer data from unauthorised disclosure.
Encryption in transit
Data between the dRofus client software and browser and server is always encrypted in transit. All communication over open networks use at least the secure TLS 1.2 protocol.
Note: dRofus client application 2.6 and older run on TLS 1.0.
Encryption at rest
All customer data are encrypted at rest with the industry-standard AES-256 algorithm.
Backup
All customer data are backed up on a daily basis. Backups are protected and monitored.
Disaster recovery
We have procedures in place to carry out disaster recovery of dRofus from the latest backup and resume service availability within four hours.
Resiliency
dRofus SaaS is replicated over two separate data centers for high-availability. In the unlikely event of a data center outage we are able to establish dRofus within a short time.
Authentication
All logon to dRofus databases requires username and password, all being encrypted in transit. When logging on through a browser, the user is issued a token for the duration of the session. Two factor authentication is being made available with dRofus identity and access management or through Single-sign-on with a third party IAM-provider.
Audit log
Customer users with privileged access can audit and monitor user logins to a database. Additionally, customers can audit all changes to data-objects in a database.
Risk management
Cybersecurity in dRofus is risk-driven and we are regularly identifying, assessing and mitigating operational security risks.
Patch management
New patches to all relevant databases, operating systems and software are updated immediately upon release.
Threat management
We are continuously monitoring our managed services for threats with log collection, analysis and alerting.
Vulnerability management
Our managed services are scanned for security vulnerabilities on a daily basis and we have processes in place to ensure timely remediation of any findings.
Data separation
dRofus development- and testing servers are kept in a separate environment from the production environment. Furthermore, customer data do not leave the region it is hosted in for other purposes than customer access.
Access management
A database/project is only accessible to the client or whoever they give access to. Only dRofus authorized personnel have access to change the user rights on the database level and only upon a customer request. Only a limited few of our technical personnel have privileged access rights to perform advanced support and to ensure responsible operation of our services.
Health monitoring
dRofus is continuously monitored for uptime and performance.
3D-modelling
When linking from Revit or ArchiCAD or using local IFC support in the client, the model stays on your computer. If you use our model viewer in the web the IFC files must be uploaded to Catenda servers (BimSync) which is our 3rd party provider for the models. Catenda servers are located in AWS in the Ireland region. It is not possible to have the data in a different region or have this service in house. Customer can opt-out of this functionality.