Security

NOR-STA services and data entrusted by the users are protected by advanced information security mechanisms, which are consistent with the adopted Information Security Policy (ISP) . ISP introduces a range of security measures: organizational, logical and physical.

The security measures involve Role Based Access Control (RBAC), encrypted data transmission between browser and server (SSL), encrypted passwords, input data validation and hacker attack protection, data replication techniques and advanced means of physical protection of servers. User’s  data remain under exclusive control of the user who can decide who and under which conditions can access the data.

Information Security Policy is referred to while discussing with the users the  expected level of quality of the service  - Service Level Agreement (SLA) signed with the users.

To use NOR-STA services it is sufficient to have an Internet browser (preferred are Mozilla Firefox and Internet Explorer). No other investment in IT infrastructure is necessary.

Service availability is continuously monitored by on-line tools. The measurements show that during last six months, the availability of NOR-STA services was at the level 99.7%. The development team has dedicated solutions which allow to rise this level if requested by the users.

NOR-STA services are deployed in a cloud and offered to the users in accordance with the Software-as-a-Service (SaaS) model. The services can be used as-needed, without any prior investment in a specialized IT infrastructure,  which make them affordable also by users with limited resources (like SMEs).

Implementation of NOR-STA services is based on RIA (Rich Internet Application)  and uses modern IT means, in particular AJAX frameworks and FLOSS technologies (Java, JBoss, PostreSQL), VMware and others.

The picture below illustrates how NOR-STA services are accessed by the users.