TeamOne



Online Whiteboard for Efficient Collaboration

TeamOne

Online Whiteboard for Efficient Collaboration

Security - FAQ

Authentication and Authorization

How does the software handle user authentication?

We follow OpenID Connect standard, which is commonly used in the industry.

Delete

What types of user roles and permissions are supported?

TeamOne defines users roles and permissions at the team, board, and project level, as outlined in this article.

Delete

Is multifactor authentication available?

Yes, multi-factor authentication (MFA) is available by enabling 2FA. Google Authenticator can be used as the secure authentication mechanism. See how to enable the 2FA from your myViewBoard account. 

Delete

Data Encryption

How is sensitive data encrypted during transmission and storage?

All data is encrypted during transmission using HTTPS, and sensitive data is encrypted in storage through AWS RDS encryption.

Delete

What encryption algorithms and protocols are used? 

We use HTTPS with TLS 1.3 for data transmission encryption, and RDS AES256 encryption for data storage.

Delete

Are there any encryption key management practices in place?

Yes, encryption key management is handled using the AWS Key Management Service (KMS).

Delete

Vulnerability Management

How does the software handle security patches and updates?

TeamOne employs DevSecOps for  security updates, integrating DAST (Dynamic Application Security Test), automated testing and continuous deployment to ensure robust and up-to-date security measures.

Delete

Is there a process for addressing vulnerabilities discovered during the beta phase?

Through DevSecOps integration, vulnerabilities detected in beta are addressed with SAST (Static application security testing)/Peer review during the development phase and DAST and Red team test in the deployment phase, emphasizing proactive security across all phases for effective risk mitigation.

Delete

How frequently are security scans and assessments performed?

Code scan security runs on every build, while security scans and assessments are conducted semi-annually.

Delete

Access Control

What mechanisms are in place to control access to sensitive features or data?

TeamOne prioritize strict access control using Role-Based Access Control (RBAC) to precisely manage permissions, coupled with a Web Application Firewall (WAF) to reinforce protection against unauthorized access, ensuring robust security for your sensitive information.

Delete

Is there support for role-based access control (RBAC)?

TeamOne incorporates role-based access control at the team, board, and project level, as outlined in this article.

Delete

Can access be restricted based on IP address or geographical location?

While access can be restricted based on IP address or geographical location, this feature is not currently implemented. Technically, it's feasible to do so depending on the requirements. For instance, in a team profile, an admin could enter specific IP addresses or regions to restrict access. However, one risk to consider is the potential for an admin to mistakenly enter an incorrect IP address, which could lead to issues if it cannot be corrected.

Delete

What happens to teammates who left the organization (inactive accounts), what happens to their boards?

The team admin has the authority to assign another admin to manage the team. Other users within the same team can still access the boards, allowing continued access for teammates.

Delete

Audit Logging

Does the software provide comprehensive audit logs?

Comprehensive audit logs for customer-facing purposes are not currently designed. However, all transaction logs can be tracked within a 7-day period.

Delete

What actions are logged, and can the logs be securely stored and analyzed?

All actions are logged, and the logs are encrypted with AES256 using a secured encryption key.

Delete

Secure Communication

How are communications between clients and servers secured?

TeamOne secure client-server communications through HTTPS for encryption, Web Application Firewalls (WAF) for threat defense, strict access controls, and data encryption during both transfer and storage, ensuring robust protection for your information.

Delete

Is Transport Layer Security (TLS) used for encryption?

Yes, TeamOne uses TLS 1.3 for Transport Layer Security (TLS) encryption.

Delete

Are there any protocols in place to prevent man-in-the-middle attacks?

To prevent man-in-the-middle attacks, TeamOne utilizes the HTTPS protocol, ensuring secure and encrypted communications. This is complemented by Web Application Firewalls (WAF) for threat defense and stringent access controls to protect data in transit and storage.

Delete

Data Policy, Data Privacy and Compliance

Does the software comply with relevant data privacy regulations (e.g., GDPR, HIPAA)?

TeamOne complies with GDPR regulations, as outlined in our privacy policy available at https://TeamOne.viewsonic.com/legal/privacy-policy.

Delete

How is personal data handled and protected?

TeamOne does not directly collect personal data. Instead, it utilizes the ViewSonic Account as its identity provider to ensure enhanced security for your personal information. As an application, TeamOne does not store or have direct access to your personal data. All personal information remains within the ViewSonic Account system, and TeamOne accesses it only through a time-limited token to manage access control.

Delete

Are there mechanisms for users to control their data privacy settings?

TeamOne will provide settings menus where users can adjust their privacy data, including viewing their information and editing privacy settings. These settings will be accessible through the account settings or privacy dashboard.

Delete

What happens if beta users did not subscribe and where/how do ViewSonic store their data?

Those beta users will be downgraded to the individual free plan, and their boards will still be accessible. TeamOne utilizes AWS as our supporting vendor, ensuring industrial-grade standards for transactions and data. Users' board data will reside in the same region as chosen in the ViewSonic Account.

Delete

Does TeamOne have any security certifications?

While TeamOne does not currently have any security certifications, ViewSonic maintains ISO 27001 certification in good standing. Additionally, our hosting vendor AWS adheres to most industry security standards.

Delete

Can I request the deletion of my account and data in TeamOne?

If you need to fully delete your data, perform one of the following: 


For issues deleting your data, please submit a support ticket here and our specialist will assist you:

Delete

Who can access my data in TeamOne?

Through the implementation of DevSecOps practices, TeamOne prohibits any developer from operationally 'touching' the production database. Additionally, as per predefined roles, no one should directly access any production data in ViewSonic.

Delete

Incident Response

What is the process for responding to security incidents or breaches?

Incident handling for TeamOne follows the guidelines outlined in the myViewBoard Security Whitepaper.

Delete

Is there a designated security team responsible for incident response?

The TeamOne Security Team will document all recovery steps taken during incidents and present them as case studies for guidance and prevention. Detailed tasks and logs collected during the incident-handling process will be listed in the TeamOne internal directory, shared exclusively with the internal software development team. All reported issues will also be listed in our internal directory and shared with the team without any customer identifiable information.

Delete

Are customers promptly notified in the event of a security incident?

Customers are promptly notified based on the severity, type, and impact of the security incident. If necessary, notifications are sent via email to ensure timely communication.

Delete

Third-party Integrations and Dependencies

Are there any third-party libraries or components used in the software?

Yes, TeamOne utilizes third-party libraries, which undergo rigorous analysis by our SAST tool equipped with intelligent Software Composition Analysis (SCA) to ensure their security before integration.

Delete

How are dependencies managed, and are they regularly updated for security patches?

TeamOne utilizes DevSecOps to manage dependencies and regularly updates them for security. We conduct Dynamic Application Security Testing (DAST) and red team testing during deployment for thorough security verification, ensuring continuous protection.

Delete

Security Alert System

Does the software have a security alert system in place? This system should promptly notify you of any abnormal activities detected on your computer systems (such as unauthorized changes or unknown sign-ins).

TeamOne utilizes a Web Application Firewall (WAF) alongside role-based access control to promptly detect and respond to abnormal activities such as unauthorized changes or unknown sign-ins, ensuring the security of our systems.

Delete


Knowledge Base

Need additional help?

Check our other resources — we'll be happy to assist you.