Offers MGR

Security initiatives at Offers MGR

This document introduces Offers MGR's information security initiatives as of October 2023 and points that customers should be aware of from an information security perspective.

Offers MGR is a service run by overflow Inc. that helps software development organizations maximize their development productivity.

By linking the SaaS tools your organization uses, you can measure activity data and condition data, analyze the development efficiency of teams and individuals, and understand their condition.

1. Demarcation point of responsibility with users

  • (1) Responsibilities of overflow
    overflow implements the following security measures:
    • Security measures for Offers MGR itself
    • Protection of customer data stored in Offers MGR
    • Security measures for the middleware and OS on the instances used to provide Offers MGR
  • (2) Customer responsibilities
    Customers must implement the following security measures:
    • Appropriate management of the passwords given to each user
    • Proper management of Offers MGR accounts (registration, deletion, granting administrator privileges, etc.)

2. Data storage location

The Offers MGR system is built using Amazon Web Services (AWS), and the data stored by the system and its backup data are both stored in data centers managed by AWS.

3. Cryptographic protection

Offers MGR protects communication content, stored data, and passwords using encryption technology.
  • (1) Communication encryption
    Offers MGR prevents data leakage and tampering by encrypting communication content. We use TLS as the encrypted communication method.
  • (2) Data encryption
    Offers MGR also encrypts linked data when it is temporarily stored on the server, thereby preventing data leakage or removal due to internal fraud. AES-GCM is used as the encryption algorithm, and the encryption keys are strictly managed using AWS Key Management Service (KMS). Other data registered and entered by customers is saved in the database. We implement transparent encryption and full disk encryption for the database.
  • (3) Password hashing
    User passwords are not stored in plain text; they are hashed so that they cannot be restored to their original form.

4. Data backup and deletion

If your agreement to use Offers MGR ends, your data will be retained for the period specified in the Terms of Use, unless otherwise required by law.

Once that period has passed, all settings for functions such as comments, service integration, and adding employees will be deleted.

For more information, please refer to the Cancellation section of the Terms of Use.

5. Secure disposal or reuse of equipment

All equipment used to provide Offers MGR, such as servers and network equipment, is managed by AWS. When disposing of or reusing equipment, we ensure secure disposal and reuse in accordance with AWS/GCP policies.

6. Capacity management

The server and network resources that make up Offers MGR are constantly monitored 24 hours a day, and resources are automatically added or reduced as necessary.

7. Development system

System development for Offers MGR is carried out in-house. We set development guidelines that include security precautions. Furthermore, we conduct code reviews during development, and because code cannot be released to production until it has been reviewed, we ensure that the actual code complies with the guidelines.

In addition, we conduct unit tests (automated tests for each program component) and E2E tests (end-to-end tests, integration tests using automatic browser operation, and display verification) before publishing to ensure the quality of the code.

8. Incident Response Policy

  • If a security incident that significantly impacts customers (such as data loss, prolonged system outage, or information leakage) occurs within the scope of Offers MGR's responsibility, Offers MGR will notify the customer within 24 hours of the incident. We will contact you via the email or phone number of the organization administrator provided at the time of contract.
  • However, the user will be responsible for data loss due to user error.
  • Inquiries regarding information security incidents are accepted through the contact information provided at the end of this security white paper.

9. Protection of customer data and provision to third parties

Customer data, including log data, is stored with limited access rights to prevent unauthorized access or tampering.

However, if we are requested to provide customer data in a legally recognized manner, such as a court order to provide evidence, we may provide customer information to outside parties to the minimum extent necessary without the customer's permission. For more information, please refer to the third party provision section of the privacy policy.

Inquiries regarding this document

overflow Co., Ltd. Management Department
Email address: contact@overflow.co.jp

Revision History

Edition number: 1.0
Revision date: 2023/10/13
Revision details: First edition issued