Teamwork Data Centers
Teamwork Products are available in a choice of two AWS data centers one in the U.S.A. (N.Virginia) and the other in the E.U. (Dublin, Ireland). These data centers are complete standalone instances of the Teamwork Systems, the choice of where your data is stored is the decision of the customer, once chosen, all data will be stored within this data center and will not reside outside this center and all future login and Teamwork activities will operate from their selected data center. This applies to all file storage, databases, and backup operations.
Amazon employs a robust physical security program with multiple certifications, including an SSAE 16 certification. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security.
Within our Campus
Within our campus, we have a variety of security measures implemented. Our buildings are monitored 24/7 by surveillance cameras. All employees are required to have access cards to access the building, access logs are kept of employee access. A secure VPN is required to access the office network remotely.
Network and System Security
Security Updates & Patch Management
All servers and applications are monitored and kept up to date with the latest security patches in accordance with our internal patch management policy.
Critical patches are deployed immediately in the event of a disclosure of a new vulnerability impacting Teamwork assets. We use patch management software to easily report on and deploy security patches.
Third-party dependencies in our code are regularly scanned for vulnerabilities by an automated tool and reports are sent to developers and the security team.
We use Git for source code and configuration management. All changes to code and configurations go through peer review before the changes are released to our testing system. All changes must go through our build system and a suite of automated tests before they are released to our production systems. Large changes all go through manual in-depth testing by our testing team to ensure potential issues are detected.
We perform regular automated vulnerability scanning using internal and external tools to identify vulnerabilities. Third-party manual pen tests take place bi-annually and all reported issues are actioned on and resolved.
Advanced user authentication
Each Teamwork user has a unique password-protected account. The password is validated against our password complexity requirements which ensures that every password is at least 8 characters in length and contains upper-case and lower-case characters and at least one number. All user passwords are stored in the database only after being passed through a one-way hash and salt technique, we do not store any user passwords in plain text or display any personally identifiable information in our application logs.
On specific plans you can enable two-factor authentication for your profile, adding an additional layer of protection to your account. Teamwork products also support SSO via SAML.
Data Control – Privacy, Visibility & Sharing
A Teamwork administrator manages and controls individual user rights.
Customer data, including tasks and folders, can only be accessed by other users within your Teamwork account if those items were specifically shared with them, or if the items were placed in shared folders.
We provide encryption in transit using HTTPS by default on all Teamwork.com domains. For our Enterprise customers, your data is encrypted at rest using industry-standard AES-256 encryption algorithm. We support TLS 1.2 only and restrict insecure ciphers, this ensures that all our traffic is secure and private while in transit between your browser and our application.