Document security and product reliability build our customers' loyalty
The trust our customers place in us is based on the security we provide in terms of continuity and good performance of our services, as well as on the confidentiality we ensure to documents and data involved.
How security works at Penneo
Penneo implemented a two-tier system to support robust security requirements. Our digital solution process is designed around two main categories: the operational security that we have at Penneo internally, and the technical safety of the services we provide for our customers.
- The first approach concerns security in hosting, data processing, and internal procedures to protect our product life cycle, and rigorous internal and third-party audit reports assure it.
- The technical safety of our digital services concerns the principles and technologies used to produce our digital signatures, and the security capabilities we provide for managing documents and automating business processes.
Combining these security policies and practices lets us reach high-level results and provide our customers with the best outcome. Nevertheless, we consider security a collaborative effort, and we entrust our customers with an active role in our security master plan. We firmly believe in the importance of users' education and awareness to get the most out of our solution's security capabilities and protect companies from online security threats.
Data center security (EU)
Security Management System
Change management procedure
Crisis management plan & business continuity
Third-party service providers
Data Protection & Confidentiality
Logical security: employees' role-based access and isolated environments
Encryption, NIST AES256, key hierarchy
Automatic and encrypted backups (in the EU)
Disposal and deletion policy
Penneo highly appreciates the contribution customers themselves can make by reporting potential issues or worries. Please do not hesitate to contact our Support Team whenever you have questions about Penneo use, or you want to report problems and suspicious activities.
Would you like to check on the operativity of our systems?
See the current status of our services and subscribe to updates. You will be the first to know if something is not working properly and be provided with the latest news regarding Penneo's platform availability.
The operational security at Penneo
What we do internally
At Penneo, we strive to provide a constant high-level service, meeting our customers' expectations day by day. The reliability of our products and the safety of the operations carried out through them are pivotal factors that Penneo absolutely prioritizes.
Our commitment to security takes shape starting from the early stages of product development, where compliance and safety are always kept in mind. We rely on a dual strategy that consists of preventive planning and a reactive response:
- From the forward-looking perspective, Penneo aims to be proactive, making breaches hard to achieve through defense in depth.
- From the responsive perspective, our teams make sure that we can identify possible problems, staying watchful for potential ways to exploit the system so that we can react immediately and efficiently.
We implemented appropriate technical and organizational measures for effective prevention and mitigation of vulnerabilities while promoting a stronger awareness of information security and data protection within all company departments.
Penneo's software is managed and operated using the IT infrastructure (IaaS) provided by Amazon Web Services (AWS). Our IT systems and websites are hosted in locations within the EU (Germany and Ireland). Customers' data is never transferred outside the EU; Penneo is, therefore, not affected by the Privacy Shield Invalidation.
The choice of AWS, a highly-compliant world-leading data center, has been mainly dictated by security and operational reasons:
AWS allows us to automate most of our operational tasks related to the IT infrastructure, thus minimizing human interaction. Since human fallibility is one of the biggest threats to an IT-based company, heavily reducing the human factor's impact on our risk scenario helps us provide extremely secure and reliable services.
AWS gives us instant access to one of the world's biggest infrastructure resource pools. This lets us handle any size of workload by automated infrastructure scaling and makes us able to recover from complete system failure in a matter of minutes instead of hours or days.
Security Management System
Risk monitoring takes a central role in the way Penneo is run. We believe that what is even more important than discovering vulnerabilities is estimating the potential risks at an initial phase of the product life cycle. Therefore, we focus on observing probable threats to minimize the chances of their occurrence. This risk management paradigm lets us save time and ensure the full comprehension of more serious risks.
IT Security has historically been limited to monitoring and detecting a few known risks in an endless remediation cycle. This strategy focuses on relieving the symptoms of high-priority threats, instead of correlating them and directing attention to repairing the root cause, once and for all. At Penneo, we adopt a more modern and safer approach to security, based on the prior identification of potential risks and periodical testing, to minimize and prevent threats, and ensure our product security. We can gain visibility through our risk-ranking framework, precede known threats, and prioritize weaknesses and assets that require the most protection.
In line with our goal of obtaining the best possible results in performance, compliance, and safety, Penneo relies on OWASP best practices. In the Application Security field, the OWASP (Open Web Application Security Project) is the worldwide best-recognized organization focused on improving software security by providing an unbiased source of information and guidelines. The OWASP Risk Rating Methodology we use at Penneo involves several steps to determine the severity of a risk based on its likelihood and impact. Once we have identified all possible threats and ranked them, we get a clearer overview of what to fix first, and we can prevent issues from occurring.
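The rating and ranking steps of the OWASP Risk Rating Methodology, as an added example that is not Penneo's own tooling: factor scores from 0 to 9 are averaged into a likelihood and an impact, each is mapped to a level (below 3 low, below 6 medium, otherwise high), and the two levels are combined through the OWASP severity matrix. The risk names and factor scores are constructed sample values.

```go
package main

import (
	"fmt"
	"sort"
)

// Level is a likelihood or impact band on the OWASP 0-9 scale.
type Level int

const (
	Low Level = iota
	Medium
	High
)

// Risk holds factor scores from 0 to 9. Likelihood covers the threat agent and
// vulnerability factors; Impact covers the technical or business impact factors.
type Risk struct {
	Name       string
	Likelihood []float64
	Impact     []float64
}

// severity[impact][likelihood] is the OWASP overall severity matrix.
var severity = [3][3]string{
	Low:    {"Note", "Low", "Medium"},
	Medium: {"Low", "Medium", "High"},
	High:   {"Medium", "High", "Critical"},
}

var order = map[string]int{"Note": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

// Mean averages the factor scores; an empty list rates as 0.
func Mean(xs []float64) float64 {
	if len(xs) == 0 {
		return 0
	}
	sum := 0.0
	for _, x := range xs {
		sum += x
	}
	return sum / float64(len(xs))
}

// ToLevel maps a 0-9 score to its band: below 3 low, below 6 medium, else high.
func ToLevel(score float64) Level {
	switch {
	case score < 3:
		return Low
	case score < 6:
		return Medium
	default:
		return High
	}
}

// Severity combines the impact and likelihood levels into the overall rating.
func Severity(r Risk) string {
	return severity[ToLevel(Mean(r.Impact))][ToLevel(Mean(r.Likelihood))]
}

// Rank returns a copy of risks ordered from most to least severe.
func Rank(risks []Risk) []Risk {
	out := append([]Risk(nil), risks...)
	sort.SliceStable(out, func(i, j int) bool {
		return order[Severity(out[i])] > order[Severity(out[j])]
	})
	return out
}

// SampleRisks returns constructed risks used only to exercise the rating.
func SampleRisks() []Risk {
	return []Risk{
		{"Unreviewed firewall change", []float64{5, 2, 7, 1, 3, 6, 9, 2}, []float64{9, 7, 5, 8}},
		{"Stale employee account", []float64{7, 7, 7, 6, 7, 7, 6, 8}, []float64{7, 6, 6, 7}},
		{"Verbose error page", []float64{3, 1, 4, 2, 7, 5, 6, 3}, []float64{2, 1, 1, 2}},
	}
}

func main() {
	for _, r := range Rank(SampleRisks()) {
		fmt.Printf("%-28s likelihood=%.3f impact=%.3f severity=%s\n",
			r.Name, Mean(r.Likelihood), Mean(r.Impact), Severity(r))
	}
}
```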
The purpose of this ad hoc plan of action is to minimize the risk of unauthorized access to data or resources and cut down the chances of failure in processing or validating documents. The procedure takes place in the event of alterations concerning both infrastructure and software: for every modification, the security implications are assessed. Regardless of the criticality level, changes are always tested and approved by at least two reviewers before they are authorized to be released into our production environment.
The risk assessment is reviewed and approved by management at least once a year. Furthermore, as every change to a business process can change the risk profile, when significant changes are made, the risk assessment is updated to reflect the new risk profile.
A formal disaster recovery plan has been established to detail how business operations are restored in case of an emergency. A chain of command is set to minimize the time from when disaster hits until the recovery process begins. According to our crisis management plan, systems will be re-established in a predefined order based on criticality to quickly return to normal operativity of our services, and customers will be kept up to date with the process and timeline estimates.
The recovery plan is tested at least once a year and is kept up to date to reflect the business's current risk profile.
We acknowledge that it's not just our security that we have to worry about. We also need to consider threats from third parties, partners, and the supply chain. Being aware of potential risks to our customers, we understand that choosing partners wisely can go a long way toward maintaining a secure supply chain. To deliver a safe and high-quality service, we make sure our sub-providers have robust IT security policies in place by looking for risk management benchmarks such as industry certifications and security audits.
Penneo only entrusts work to subcontractors that guarantee high-level compliance. Replaceable high-risk or high-impact sub-providers must produce an annually updated ISAE3402 assurance report or similar for risk management purposes. These assurance reports are reviewed and assessed biannually to determine whether any changes or deviations in the providers' controls can affect the risk profile of Penneo.
Data Protection & Confidentiality
Our logical security is built on the principle of least privilege, widely recognized as an essential design consideration for enhancing data protection and IT platforms' good functioning. Its implementation enables better stability and improves system security. It follows that:
We use a role-based access control model, meaning that every Penneo employee, program, or process can only access the information and resources that are essential for their legitimate purpose while any other clearance is blocked.
Access to Penneo's production environment is provided on work-based needs and logged. Permission settings ensure only the appropriate personnel can access privileged sensitive information, and access is restricted based on employees or teams. The assignment of privileges is reviewed every six months.
Multi-factor authentication by at least two Penneo employees is always required to access the production environment and perform operations such as firewall changes, assigning and revoking privileges, and access to backups.
Access to the virtual infrastructure is provided through an SSL-encrypted channel, while access to the OS level is provided through SSH and its primary purpose is to support the software deployment process.
The least privilege principle also takes shape in the logical isolation of the various segments (production, development, customer support, and other corporate departments).
The confidentiality of personal information is ensured under local, national, and international statutes and regulations. To protect our customers' privacy, personal data is:
- never used outside the production environment for internal purposes;
- only accessible for Penneo employees if the data owner explicitly grants access;
- never shared with a third-party through our systems unless initiated by the data owner.
At Penneo, sensitive data and Personally Identifiable Information (PII) are encrypted following the cryptographic standards defined by the National Institute of Standards and Technology (NIST). Penneo only uses encryption algorithms that are FIPS-approved and NIST-recommended. In particular, our security system follows the Advanced Encryption Standard (AES), a NIST specification for the encryption of electronic data that was originally adopted by the U.S. federal government and has now become the industry standard for data security used worldwide.
To be more specific, Penneo's encryption system is built on AES256, which provides the strongest encryption level. The result is a tremendously sophisticated form of encryption that is virtually impenetrable, even using brute-force methods.
In fact, what is most likely the best way to securely store encryption keys is by using a key hierarchy: it's basically a key expansion process in which the initial key is employed to come up with a series of new keys, called round keys. These round keys are generated over multiple rounds of modification, each of which makes it harder to break the encryption. As a result, the master key will be used to decrypt a number of encryption keys that, in turn, will be used to decrypt the actual data protected. A key hierarchy provides a powerful pattern for storing an application's cryptographic keys as it uses different keys for different data while focusing your protection efforts on the master key.
An important aspect of a key hierarchy is that the master key can decrypt all the other keys, and therefore (indirectly) all of the data. To protect a master key while keeping it accessible and available when needed, Penneo uses the AWS CloudHSM service that stores the encryption keys in an HSM (Hardware Security Module), purpose-built hardware designed to protect sensitive data. The HSM provides physical and logical protection for cryptographic key material and meets the most stringent security standards, offering a high safety level for the key and the data it encrypts.
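The master key / data key relationship described above, as an added example that is not Penneo's code: each document gets its own AES-256 data key, only the wrapped form of that key is stored, and rotating the master key re-encrypts the small wrapped key while leaving the document ciphertext untouched. The master key here is a locally generated stand-in for a key held in an HSM, and the `Record` type, function names and use of AES-GCM with the document ID as associated data are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

type Record struct {
	WrappedKey []byte // data key encrypted under the master key
	Ciphertext []byte // document encrypted under the data key
}

// NewKey returns 32 random bytes, i.e. an AES-256 key.
func NewKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM and returns nonce||ciphertext; aad is authenticated, not encrypted.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; it fails if the key, the ciphertext or the aad does not match.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// EncryptDocument uses a fresh data key per document and keeps only its wrapped form.
func EncryptDocument(master []byte, docID string, doc []byte) (r Record, err error) {
	dataKey := NewKey()
	if r.Ciphertext, err = seal(dataKey, doc, []byte(docID)); err != nil {
		return Record{}, err
	}
	r.WrappedKey, err = seal(master, dataKey, []byte(docID))
	return r, err
}

// DecryptDocument unwraps the data key with the master key, then decrypts the document.
func DecryptDocument(master []byte, docID string, r Record) ([]byte, error) {
	dataKey, err := open(master, r.WrappedKey, []byte(docID))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return open(dataKey, r.Ciphertext, []byte(docID))
}

// Rewrap rotates the master key by re-encrypting only the wrapped data key.
func Rewrap(oldMaster, newMaster []byte, docID string, r Record) (Record, error) {
	dataKey, err := open(oldMaster, r.WrappedKey, []byte(docID))
	if err != nil {
		return Record{}, err
	}
	r.WrappedKey, err = seal(newMaster, dataKey, []byte(docID))
	return r, err
}

func main() {
	master := NewKey() // assumption: stands in for a master key held in an HSM
	rec, _ := EncryptDocument(master, "doc-1", []byte("constructed sample contract"))
	rotated, _ := Rewrap(master, NewKey(), "doc-1", rec)
	fmt.Println("ciphertext untouched by rotation:", string(rec.Ciphertext) == string(rotated.Ciphertext))
}
```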
All data stored in the Penneo production environment is mirrored between three data centers, which reside in two physical locations within the EU (Germany and Ireland) and stored on multiple devices in each data center. At Penneo, we define two classes of data treated differently when it comes to backup strategies. These categories can be described as follows:
- Customers' data (and documents): the document storage solution utilized by Penneo mirrors data in six different physical facilities. The solution performs regular, systematic data integrity checks and is built to automatically self-heal if data is lost in four storage facilities. Every document is versioned, and every change can be rolled back.
- System data: system data is backed up daily with support for point-in-time recovery; the retention period for these backups is 30 days.
A backup restore test is performed at least once a year, and the restore test is kept up to date to reflect the business' current risk profile.
We have implemented a deletion policy for all customer data; it involves both the deletion through the customer-facing interfaces in the production environment and the hard deletion (including all revisions of a document). The policy states that even though data is deleted through the customer-facing interfaces, it will only be flagged for deletion in the production environment, i.e., not hard deleted. Hard deletion of a document (including all revisions) can only be performed by at least two Penneo employees working together. Data flagged for deletion will be hard deleted within 60 days of being flagged.
At Penneo, we are committed to facilitating the exercise of individuals' rights and ensuring their effectiveness. When a data subject submits a request (using the form on our website) and specifies their willingness to exercise one of their rights, our Support Team acquires more information to act promptly, and our DPO proceeds to perform the necessary actions to satisfy the request, which is usually fulfilled within a week.
The technical safety of our services
How we build our solution
The operational security that we have at Penneo internally is combined with the principles and technologies we rely on to build our digital services. In this way, Penneo integrates security with how we build code.
The security behind Penneo's digital signature
Penneo uniquely identifies signers using Digital IDs issued by Trusted Service Providers (TSPs) or Certificate Authorities (CAs). A digital signature with Penneo requires a certificate-based digital ID to authenticate the signer's identity. This unique digital certificate is irrefutable proof that links the electronic signature validation data to the signer. A unique PID (Personal Identifier) is also printed on the document to further increase security, assuring that the signer's certificate is cryptographically bound to the document.
Penneo is designed to prevent tampering of the document during and after the signing process. When a digital signature is inserted utilizing Penneo, a unique watermark ID is printed on the document. Moreover, a checksum is created based on the document content including the watermark. Once the digital signature has been submitted to a document, the entire package is signed by Penneo. Therefore, one could say that Penneo acts as a kind of notary on the signed document, guaranteeing its immutability.
Every step is captured in a secured audit trail and makes it extremely easy to verify if the signed document has been modified since it was signed. This capability of recognizing any subsequent change in the data attached to the signature after signing allows us to react in the event of detection of variations in the signed data. If the document is altered after signing, the digital signature is invalidated.
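The checksum-then-seal pattern described above, reduced to its core as an added example (not Penneo's implementation or its PAdES format): a checksum covers the document together with its watermark ID, the resulting package is signed by a platform key, and verification fails if either the document or the package metadata changes afterwards. The `Package` layout, SHA-256, Ed25519 and all sample values are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Package is the record the platform seals once the signatures are collected.
type Package struct {
	WatermarkID string   `json:"watermark_id"`
	Checksum    string   `json:"checksum"` // hex SHA-256 over watermark ID + document
	Signers     []string `json:"signers"`
}

// Sealed is a Package plus the platform's signature over its JSON encoding.
type Sealed struct {
	Package Package
	Seal    []byte
}

var (
	ErrSeal = errors.New("seal invalid: package altered or not sealed by this key")
	ErrDoc  = errors.New("document altered after signing")
)

// NewPlatformKey generates an Ed25519 key pair standing in for the platform's signing key.
func NewPlatformKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Checksum hashes the watermark ID and the document together. The length
// prefix keeps the boundary between the two fields unambiguous.
func Checksum(doc []byte, watermarkID string) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s", len(watermarkID), watermarkID)
	h.Write(doc)
	return hex.EncodeToString(h.Sum(nil))
}

// SealPackage computes the checksum and signs the whole package.
func SealPackage(priv ed25519.PrivateKey, doc []byte, watermarkID string, signers []string) (Sealed, error) {
	p := Package{WatermarkID: watermarkID, Checksum: Checksum(doc, watermarkID), Signers: signers}
	msg, err := json.Marshal(p) // struct fields encode in declaration order, so this is deterministic
	if err != nil {
		return Sealed{}, err
	}
	return Sealed{Package: p, Seal: ed25519.Sign(priv, msg)}, nil
}

// Verify checks the seal first, then that the document still matches the sealed checksum.
func Verify(pub ed25519.PublicKey, doc []byte, s Sealed) error {
	msg, err := json.Marshal(s.Package)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, s.Seal) {
		return ErrSeal
	}
	if Checksum(doc, s.Package.WatermarkID) != s.Package.Checksum {
		return ErrDoc
	}
	return nil
}

func main() {
	pub, priv := NewPlatformKey()
	doc := []byte("constructed sample contract text")
	s, _ := SealPackage(priv, doc, "WM-0001", []string{"signer-1"})
	fmt.Println("original:", Verify(pub, doc, s))
	fmt.Println("altered: ", Verify(pub, append(doc, '!'), s))
}
```

Recomputing the checksum for an altered document does not help, because the package that carries the checksum is itself covered by the seal.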
Penneo helps you document intent and consent to secure that the signer intended to sign and consented to do business electronically. Consequently, the author of the signature cannot successfully dispute its authorship or the associated contract's validity. In other words, in a legal setting, a signature's authenticity cannot be challenged or denied. We assure this security principle in two ways.
First, a digital signature can only be applied to a document through Penneo's signature platform. This ensures that the user has been informed of the consequences of his actions and has had the opportunity to read that document.
Second, signers have to accept a statement of declaration and consent while signing the document. Along with the declaration of informed consent, the statement contains an overview of the signed documents and the signers' role. This statement is stored as part of the signature itself and thus serves as further proof of the signature's validity.
Document flow and retention of filed documents are just some of the most relevant features with which Penneo ensures the technical safety and non-repudiation of digitally signed documents. By ensuring the technical safety of the signature, Penneo's digital signature is a proof of trustworthiness in terms of Authenticity, Data Integrity, and Non-repudiation because it ensures the identity of the signers, the non-alteration of the data, and the intent to sign and be bound to the agreement.
Penneo's digital signatures meet the requirements set forth under art. 26 of the eIDAS Regulation for advanced electronic signatures and are technically implemented according to PAdES standards. Therefore, they are legally binding and as valid as traditional handwritten signatures, but much more secure because they are virtually impossible to defraud.
The main benefit of PAdES is most likely a feature called Long Term Validation (LTV). The Long Term Validation is a signed document's ability to stay valid long after signing for many years or even decades. PAdES recognizes that digitally signed documents may be used or archived for a long time and acknowledges the risk that the document may become invalid before the expiration date comes.
To ensure that the document never loses its legal reliability and trustworthiness, the technical proof of the signature's validity is stored as a form of attachment in the completed PDF. This means that your electronically signed documents already contain everything you need to verify the signature's validity and remain valid for long periods, even if underlying cryptographic algorithms are broken. This can be done through Penneo's Validator as a PAdES-compliant validation platform.
At Penneo, specific attention has been paid to the document's long-term sustainability (LTV) so that the document's cryptographic evidence can be verified even after the platform that created the document has become inaccessible. For PDF documents, the signature data is incorporated directly within the signed PDF document, much as an ink signature becomes an integral part of a paper document, allowing the complete self-contained PDF file to be copied, stored, and distributed as a simple electronic file. At any time in the future, despite technological and other advances, it will be possible to validate the document to confirm that the signature was valid at the time it was made. This validation will always be possible thanks to the specific structure of the cryptographic evidence in PDF documents that assures LTV, in addition to having the signer's certificate (approved digital ID) cryptographically bound to the document.
Security capabilities for document management
Penneo acts as a digital filing cabinet, but safer and more efficient than traditional physical ones. Receiving, storing, securing, and retrieving information are processes that every organization carries out on a daily basis; our goal is to simplify and automate such activities without prejudice for security and compliance.
Using Penneo, you will be provided with an electronic locker that combines and stores in a single place all the business documents owned by your company, whether they are contracts with clients (containing customers' data) or with employees (that therefore involve their personal data), or financial statements and audit reports (including business information), and so on.
The following are capabilities offered by Penneo that will boost up security in your everyday document management:
Permission settings ensure only the appropriate personnel can access privileged sensitive information by enabling administrators to restrict who can see specific folders and files and regulate clearance for employees or teams.
A separate user account for each employee can be set up, restricted to the job role, limiting access to data. In this way, if an employee leaves the company, their access to business information can be easily and safely removed.
By providing access on work-based needs, every user will have only those minimal privileges essential for its legitimate purpose. Two or multi-factor authentication can be required to perform more critical operations on documents and data or access backups.
Monitoring and audit trail
Security restrictions are combined with history monitoring tools that supervise which employees have access to which files and maintain logs; back-ups of the audit trails can be saved to view who accessed each document, track edits, and identify suspicious activity.
Data processing policies
The storage of electronic documents includes management of those same documents according to the user's chosen rules. Policies for retention, disposal, and erasure of customers and business data can be established and take place automatically as an autonomous function of the system.
Data and documents are end-to-end encrypted and stored in a format that ensures that no alteration is possible.
Regular backups can be automatically performed and stored offsite (in the cloud and in Penneo's data centers in multiple geographic locations within the EU to better ensure relevant documents remain legible and available in time of need). With Penneo, you can also encrypt backups to protect data with an additional layer of security.
Your role in our security framework
What customers can do
Our internal operational security and the technical safety of our digital solutions let us achieve high-level results in providing a reliable product and ensuring smooth business operations. Alongside this two-pronged approach, however, a key piece is missing: the users.
We consider security a collaborative effort, and we believe that everyone has a part to play in building the security framework. Thus, we count on your help to maintain our services' safety and protect your environments.
Placing the customers and their satisfaction in the first place, Penneo wants to make sure you have access to all the information you might need to mitigate online threats, secure and strengthen your IT systems. We firmly believe in the importance of users' education and awareness to get the most out of our solutions' security capabilities and protect customers from online security threats.
Best practices to improve your cybersecurity
Properly trained users are the first line of defense against online threats. Even the strongest cryptographic systems are vulnerable if a hacker gains access to the key itself. That's why you should include cybersecurity in your business' culture: people are key, so you need to make sure everyone is on the same page. Utilizing strong passwords, multi-factor authentication, firewalls, and antivirus software is critical to the larger security picture.
The following recommendations will greatly improve the level of protection of your information environment while increasing cybersecurity throughout your entire organization.
Set regular and automatic updates for operating systems and software applications
Install and regularly update anti-virus, anti-spyware, and other anti-malware programs on all of your company's devices.
Always use the newest web browser.
Access only private Wi-Fi networks that you own or trust.
Protect email domain against phishing by enabling email filters.
If you receive dubious-looking emails, double-check the sender to verify their legitimacy; look for obvious errors or additional letters within the domain; when in doubt, navigate to the related website without clicking a link. Penneo emails are always digitally signed, and this makes it easier to unmask false senders. The same applies to our documents that contain seals to confirm their authenticity. If you think the request is legitimate but want to be 100% sure, reach out to our support team to get confirmation.
Invest in employees' education and awareness: establish security practices, internet use guidelines, and rules of behaviour, and monitor their implementation.
Use strong and tough to crack passphrases; choose a combination of at least 16 alphanumeric characters using upper and lower cases and symbols to make your password harder to guess - the longer, the better; consider implementing multifactor authentication for additional security.
Choose different passwords for different sites and keep your login details confidential.
Acknowledge that just having a presence online means that you are a potential target of cybercrime and implement awareness for compliance to improve the security profile of your enterprise.
Establish policies for retention, disposal and deletion of customers' data and business data.
Make sure you only rely on trustworthy third-party service providers by looking for risk management benchmarks such as industry certifications and security audits.
Don't use outdated technology that is more susceptible to spyware, viruses, hacking and hardware failures which have adverse impacts on the flexibility of IT.
Avoid the worst of cyber habits: never use public Wi-Fi networks that can put confidential data at risk of interception; avoid connecting to unknown, unsecured or guest wireless access points, even for performing non-business activities.
Never click on pop-up ads or download any form of online content from unknown or suspicious websites.
Don't get tricked by dodgy emails: if you receive unwanted/unexpected emails, don't open links and don't download attachments.
Don't respond to emails asking for confidential information or secure content.
Don't trust emails that are not digitally signed by Penneo, nor documents that do not contain our seal; if you are in doubt, reach out to our support team to get confirmation.
Do not use username and password to log in except as a last resort; if you have to use a password:
- don't use the same password for every account
- don't share your password
- don't store your password in an unsecured location (anywhere someone else has access to it)
- don't enter your password on an unsecured network
Avoid third-party applications that seem suspicious and limit the amount of information the applications can access.
Don't believe that cybersecurity is not your problem or that there is nothing you can do about it.
Customers' responsibility while using Penneo
Penneo provides its clients with configurable security features. It's up to the individual customer to personalize the security level for access, sharing, data confidentiality, and activate the related built-in system functionality before sending documents for signing. We always recommend using the strictest settings applicable to the specific use case to ensure greater protection. In the most rigorous case, all access to customer data is restricted using multi-factor authentication and data is always transmitted relying on end-to-end encrypted channels.
Log in with your e-ID; as a second option, use two-factor authentication that gives you an extra layer of protection; as a last resort, log in with username and password; the same precautions are recommended for using the API.
Set up a separate user account for each individual employee that needs to use Penneo, and restrict access to documents and data based on the job role and work-related tasks.
Review user access to the Penneo application periodically and make sure to deactivate stale accounts when an employee leaves your organization.
Encrypt sensitive documents: protect the confidentiality of your data while creating a document for signature by checking the box "The case file contains sensitive information" so that the recipient must use his e-ID to open the link with the document.
Set rules for data retention and disposal so that the data deletion would take place automatically.
If you receive an email that seems to come from Penneo but looks suspicious, reach out to our Support team to get confirmation. Penneo's emails are always digitally signed; similarly, our documents contain seals to confirm their authenticity. Please let us know when you think something looks fishy so we can improve our measures to prevent issues.
Please visit our Help Center to read more security advice and find answers to all your questions about Penneo usage.
Penneo encourages its customers to communicate about the efforts they are making in terms of security. Teaming up with companies working on high-security standards reinforces a trustworthy responsibility as a business. We suggest clearly signalizing and communicating to your customers and shareholders the procedures being implemented for compliance. Not only does this show transparency, but it also builds a deep trust for attracting and retaining customers.
Precautions and cautious planning inform our customer-centric management framework and systematically ensure that the IT controls continue to meet security needs and standards on an ongoing basis so that sensitive data remain secure. However, sometimes even the most thorough attentiveness and dedication may not be enough. In other words, our ability to react immediately and efficiently also depends on our customers. Having the widest possible view of the situation and quickly identifying underlying problems is as important as our proactive strategy.
If you think you've come into contact with a potential security incident, a privacy issue, spam, Penneo-themed fraudulent emails and websites, account misuse and/or abuse, or other security incidents and events, please do not hesitate to contact us.