Data Security

At Opus Compliance Cloud, we prioritise the security and integrity of your data. Here's how we ensure your information is protected:

Server Security

Our platform is hosted in the EU within a Tier 3 data centre, ensuring robust physical and digital protections.

Data Backup

Data is backed up bi-weekly to safeguard against data loss.

System Patching and DDoS Protection

• • OS patching is managed by Delft Solutions B.V.

  • DDoS prevention is provided by Worldstream, ensuring service continuity and protection against attacks.

Data Transmission Security

We use the industry-standard Transport Layer Security (TLS) 1.2 or later with 2,048-bit encryption keys to secure all data transmissions.

User Authentication and Account Security

• • Email change notifications are sent to the original email address to prevent unauthorised changes.

  • Password change notifications are issued to alert users of any updates to their credentials.

  • Users must re-enter their credentials every two weeks if the "Remember Me" option is selected. Without this option, credentials must be re-entered at the start of each browser session.

  • Password requirements:

    • Minimum length: 6 characters

    • Maximum length: 128 characters

  • Encryption: bcrypt with 13 stretches for enhanced security.

  • Account lockout after 8 failed login attempts, with a lockout period of 1 hour. Accounts can also be unlocked via an email link.

  • Reset password links are valid for 6 hours.

  • Protection against timing attacks:

  • Passwords are safeguarded from timing-based attacks.

  • Reset tokens are securely implemented, making it infeasible to guess tokens associated with specific users.

These measures ensure that your data is kept secure while maintaining compliance with industry standards and best practices.