IT Security is a fundamental part of any IT system, and it is no different at TenderBoard. This article has been created to help users understand the security features TenderBoard has put in place as well as share best practices to help keep accounts and data safe.
TenderBoard is currently certified to ISO 27001 and SS 584 (MTCS). For any questions on data security, you can contact [email protected]
TABLE OF CONTENTS
Section A – Account Security
1. Password Security
The TenderBoard system has the following features to help you protect your password:
- TenderBoard requires a strong password with a minimum of 8 characters consisting of at least 1 uppercase character, 1 lowercase character, 1 numerical character and 1 symbol.
- You will be required to reset your password once every 90 days
- You will not be able to re-use the same password if you have used it as one of your previous 4 passwords
- Your account will be locked out if there are 5 failed login attempts. You will need to contact [email protected] and verify your identity to get the account unlocked.
- TenderBoard has a password reset function that you can use to reset your password. This sends a link to your registered e-mail address, which allows you to set a new password. You may only use this feature once every 24 hours. Do note that resetting your password will not allow you to unlock a locked out account and you will still need to contact TenderBoard for assistance.
- For those who require more security, TenderBoard has an optional Two- Factor Authentication (2FA) feature that can be activated on the security tab of the ‘My Account’ page. This will require installation of the Google Authenticator app on your Android or iOS device.
2. Browser Security
Your TenderBoard account has the following security features:
- Your account will be logged out after 15 minutes of inactivity. Any action performed on the page within a 15 minute period will extend the log-in validity back to 15 minutes.
- Simultaneous log-ins are not allowed. Any new log-in to an account will cause any existing log-ins to be signed out. If you get signed out of an account this way, please contact [email protected] to investigate.
Section B – Safe Browsing
3. Phishing and Malicious Emails
Occasionally, you might receive an e-mail that looks like it is from TenderBoard or a regular supplier, but is actually a malicious email. This practice is known as phishing – opening an attachment in such an e-mail could allow unauthorised
access to your system.
A legitimate automated TenderBoard e-mail will have the following features:
- Sent from [email protected]
- The name will indicate TenderBoard, or a Buyer (via TenderBoard)
- Will direct you to the Tenderboard website for documents, if any
- Will contain a link for you to contact us if required.
- Adheres to the formatting below:
Protecting yourself from malicious e-mails: You may refer to this article for general advice on protecting yourself from malicious emails.
4. Safe Browsing
TenderBoard also recommends the following safe browsing habits to help increase your system’s security:
- Install security software. If you are using your company’s laptop, your organisation should already have a security policy and security software installed on your system. On your own personal devices, it is recommended to have security software to help prevent malware from getting onto your system.
- Scan all downloaded files. Ensure that all files being downloaded onto your system and opened are scanned for viruses, even those downloaded from Tenderboard.
- Clear your cache regularly. refreshing your cache regularly helps to ensure that you do not provide back-end access to your secure data to malware that might make its way into your system. An alternative to cache clearing is using Incognito or Private browsers to access sensitive websites such as TenderBoard.
Section C – Organisation Security
5. Access Rights Management
For organisations using TenderBoard, we encourage you to ensure that all users who require TenderBoard are provided with their own accounts for access.
Additionally, ensure that accounts with special privileges, such as administrators, are carefully controlled. Do inform TenderBoard if you need to update your list of system administrators.