Software Security Statement

Beamex is dedicated to protecting all customer data using industry best standards. This Security Statement is intended to provide a transparent look at our security infrastructure and practices to help assure that your data are sufficiently protected.

Infrastructure security

LOGiCAL services are hosted as PaaS (Platform as a Service) or IaaS (Infrastructure as a Service). The benefit of this hosting model is that our cloud provider, Microsoft Azure, always provides the latest security patches and technologies to all infrastructure we use.

Microsoft Azure Cloud provides robust physical data center security and environmental controls. The Microsoft Azure infrastructure is designed and managed to meet a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2.

More information can be found at:
https://docs.microsoft.com/en-us/azure/security/fundamentals/infrastructure
https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security

Data protection

All connections to LOGiCAL websites or services are protected via the use of encrypted connections, such as the TLS 1.2 encryption protocol. This protection is achieved by encrypting the data before transmission, authenticating the endpoints, and decrypting and verifying the data on arrival. Data at rest is encrypted using Microsoft's transparent data encryption (TDE). This covers the database, logs and backups.

Data isolation

The application is built using a multi-tenancy architecture with logical separation in place. All data is stored in a shared database with logical controls that enforce separation. Thus, the data of each LOGiCAL customer is logically separated and is not influenced by or accessible to other tenants.

Access Control

LOGiCAL does not have embedded password management and authentication support; these are managed in the Microsoft Managed Identities service, which increases security. The passwords required by our services are stored using the Azure Key Vault service, which is designed for protecting keys and small secrets, like passwords, in the cloud.

The LOGiCAL sync client

The client executables are signed so they cannot be tampered with. No proprietary drivers are installed on the sync client computer either, since our MC6 family calibrators use the Microsoft WinUSB stack for communication. This does not apply to MC2/4 calibrators, which need a proprietary driver. This driver is, however, digitally signed with a Beamex certificate, so it cannot be tampered with.

No data is stored by the sync client on the computer during or after communication, so there is no risk of data leakage.

Application Development

Our development team employs secure coding techniques and best practices of software development. Development, QA, and production environments are separated. All source code changes are peer-reviewed, thoroughly tested, and audited prior to deployment into the production environment. We use a revision control system for managing and storing code changes.

The development process is continuously validated by internal audits and conforms to the ISO 9001 standard.

Beamex Personnel

Beamex communicates its information security policies to all personnel (who must acknowledge them), and requires employees to sign non-disclosure agreements. Ongoing privacy and security training, including tests, is also held. Beamex employees use tools and processes that enforce industry best practices from a security point of view. This includes granting access on a need-to-know basis, with least-privilege rules.