Security and Data Protection

dRofus is a CDE/BIM solution that is used on building projects worldwide. We are committed to security and have implemented significant efforts to protect dRofus and our customers' data.

Hosting platforms

dRofus can be provisioned by one of our two main hosting platforms:


PlatformDescription
dRofus SaaS

Our standard offering. Hosted by dRofus (SaaS) on our data hosting provider.

dRofus on-premOptional offering for customers with specific compliance or security requirements. Hosted by the customer on their own premises or another third party hosting provider.


Architecture

dRofus is based on a client/server architecture with the following main components:

  • dRofus client-side application
  • dRofus server-side application
  • dRofus central database server


dRofus is built with proven technology from large commercial vendors or supported open source software. dRofus software is developed using .Net technology from Microsoft and based upon PostgreSQL database technology. Libraries from open sources are used in the development.


Hosting provider

dRofus cloud is currently hosted in multiple regions world wide. Each region consists of several highly available data centers.


RegionHosting providerLocation
Europe North 

Amazon Web Services

AWS Stockholm region, Sweden

Europe West
Amazon Web Services
AWS London Region, UK
Europe Central Amazon Web ServicesAWS Frankfurt region, Germany
US WestAmazon Web Services

AWS US West North California region, USA

US EastAmazon Web ServicesAWS US East North Virginia region, USA
CanadaAmazon Web ServicesAWS Central region, Canada
AustraliaAmazon Web ServicesAWS Sydney region, Australia


Security governance

Security governance are the processes that defines and manage cybersecurity.

dRofus

dRofus has established an information security management system based on the international standard ISO 27001. We also make available a CSA STAR Level 1 Self-assessment upon request. 

Hosting provider

Our hosting provider, AWS, have rigorous security and compliance programs in place. Their certification and audit portfolio includes ISO 27001, SOC 2, CSA STAR and more. Please refer to AWS compliance programs for detailed information. 


Encryption

We use encryption techniques extensively to protect customer data from unauthorised disclosure.

Encryption in transit

Data between the dRofus client software and browser and server is always encrypted in transit. All communication over open networks use at least the secure TLS 1.2 protocol. 

Note: dRofus client application 2.6 and older run on TLS 1.0. 

Encryption at rest

All customer data are encrypted at rest with the industry-standard AES-256 algorithm.


Backup

All customer data are backed up on a daily basis. Backups are protected and monitored.


Disaster recovery

We have procedures in place to carry out disaster recovery of dRofus from the latest backup and resume service availability within four hours. 


Resiliency

dRofus SaaS is replicated over two separate data centers for high-availability. In the unlikely event of a data center outage we are able to establish dRofus within a short time.


Authentication

All logon to dRofus databases requires username and password, all being encrypted in transit. When logging on through a browser, the user is issued a token for the duration of the session. Two factor authentication is being made available with dRofus identity and access management or through Single-sign-on with a third party IAM-provider. 


Audit log 

Customer users with privileged access can audit and monitor user logins to a database. Additionally, customers can audit all changes to data-objects in a database.  


Risk management

Cybersecurity in dRofus is risk-driven and we are regularly identifying, assessing and mitigating operational security risks.


Patch management

New patches to all relevant databases, operating systems and software are updated immediately upon release.


Threat management

We are continuously monitoring our managed services for threats with log collection, analysis and alerting. 


Vulnerability management

Our managed services are scanned for security vulnerabilities on a daily basis and we have processes in place to ensure timely remediation of any findings.


Data separation

dRofus development- and testing servers are kept in a separate environment from the production environment. Furthermore, customer data do not leave the region it is hosted in for other purposes than customer access.  


Access management

A database/project is only accessible to the client or whoever they give access to. Only dRofus authorized personnel have access to change the user rights on the database level and only upon a customer request. Only a limited few of our technical personnel have privileged access rights to perform advanced support and to ensure responsible operation of our services. 


Health monitoring

dRofus is continuously monitored for uptime and performance.


3D-modelling

When linking from Revit or ArchiCAD or using local IFC support in the client, the model stays on your computer. If you use our model viewer in the web the IFC files must be uploaded to Catenda servers (BimSync) which is our 3rd party provider for the models. Catenda servers are located in AWS in the Ireland region. It is not possible to have the data in a different region or have this service in house. Customer can opt-out of this functionality.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.