Knowledge base

All you need to know about the PCT

Security

How to configure 2FA

For a secure login the PCT uses two factor authentication (2FA). Each user must activate this manually the first time they log in.
 
Click on “Activate 2FA”, download an Authenticator App and add your account by scanning the QR code or entering the unique ID. Finally, enter the 6-digit code generated in the authenticator app to confirm that your account has been properly added in the app.

On the ‘Users‘ page in the left navigation, as an administrator you can see which users are using 2FA.
 

How do I reset 2FA?

When a user does not has access to his 2Fa code, because he has a new phone, a full user can temporarily deactivate the 2FA setting so that the user can activate it again. When logging in, it automatically forces 2FA to be set. Without activation of 2FA, it is not possible to log in.

Will my data be backed up?

Yes. Every day 2 “hot storage” backups of the data are made. This happens every 12 hours. These backups are stored encrypted in Europe. In addition, an encrypted “cold storage” backup is made every day and stored within the data center in the Netherlands.

Where is my data stored?

All production data is stored in AWS (EU). Within AWS, the hot storage backup is also stored. In addition, a daily cold storage backup is stored at Leaseweb in Amsterdam.

Can I back up my data myself?

You can manually export data from the PCT. Depending on the type of data, you do this as follows:

Export PCT Framework
Full users have the rights to export the PCT Framework. All the latest public versions in the framework are exported in a .pdf file.
1. Open the ‘Organization’ page
2. At ‘Download manual’ you can give settings to your export.
3. Click on ‘Download handbook (backup)’.

If you cannot download, your browser may be blocking popups from ProActive Compliance Tool. Check the top right of your screen to see if there is a blocked popup.

Exporting forms
Full users have the rights to export the registrations from the forms to Excel. The forms should be exported 1 at a time.
1. Open the form you want to export
2. Open the results tab
3. Right click on ‘Export and import registrations’.
4. Export the information to a displayable file
Do this for each form the information is to be exported from.

Exporting files
Full users have the rights to download the files. The files should be downloaded 1 by 1.
1. Open the files library
2. Click on the three dots behind the file to download the file.
3. Do this for each file from which the information is to be downloaded.

Are backups checked for corruption?

Currently, backups are tested for corruption on a random (periodic) basis. A fully automated backup corruption testing process is underway.

What is the uptime of the PCT?

We strive for an uptime of 99.5% during weekdays (NL) from 09:00 to 17:00.

By whom is the PCT being developed?

The PCT is a framework that runs within the software of ISO2HANDLE. ISO2HANDLE is the developer of the software. The PCT framework was developed by Protify.

Does my environment have a firewall?

Each customer environment has its own firewall.

How is my PCT environment monitored?

All client environments and backups are monitored 24/7 by the ISO2HANDLE, the software vendor. In turn, their monitoring systems are also monitored so that any problems are immediately detected.

Of each client environment the following is monitored:
– uptime (live)
– presence of hot storage backups
– presence of cold storage back-ups

Are pen tests performed on the PCT?

ISO2HANDLE regularly performs a PEN test on the software. Of course it is also possible to perform a PEN test on your own environment.

Who has access to the PCT?

In addition to the created users, consultants may be able to log into the PCT. In the section “users” you can see which consultants these are. In addition, ISO2HANDLE has the ability to restore a backup and in this way they have access to the data in the PCT.

Who is responsible for the data in the PCT?

The client is ultimately responsible for the data placed in the PCT. The consultant is the processor of this data and ISO2HANDLE is the sub-processor. The moment a client environment is activated, a processor agreement is drawn up.

Does the PCT have its own database?

Each customer has its own customer environment with unique URL and its own database. All databases of customer environments are separated from each other and never touch.

Experience the ease of the ProActive Compliance Tool

Demo request