Construction Software Security | Low Risk – High Return

Read Why Tenderfield’s Customers Trust Our Construction Software Security

We understand that our users’ proprietary information is commercially sensitive and that its security is of paramount importance to them.

The following are some of the measures that we have in place to ensure that users’ proprietary information is protected:

Why Cloud?

Our cloud service provider allows us to operate core business processes continuously and add resources as needed.
The AWS Cloud provides ongoing management, monitoring, and backup services.
Our IT staff uses web management tools to provision computational, storage, networking, database and other resources instantaneously as needed.

Safe Secure Storage

All information uploaded to the Tenderfield site is stored on Amazon’s S3 file storage, which is not a publicly accessible area.
Amazon’s S3 has been awarded third-party certifications and evaluations for ISO 27001 certification (Information Security Management).
Physical storage is co-located in geographically redundant data centers that are selected based on strict criteria. All data centers comply with Uptime Institute’s TIA 943 III chosen by the Amazon Cloud Server.

Encrypted Data Storage

As your data and objects get stored in Amazon S3 the server RDS is encrypted automatically using Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard using 256-bit encryption keys.
Our site does not use any obfuscation as all document contents are stored in unique URLs at Amazon’ S3. We do not store the files with their titles to prevent anyone from guessing the names of files.
The links to individual files stored on Amazon’s S3 are maintained to prevent database security breaches. (We do not store your encryption key anywhere; the key is immediately discarded after Amazon S3 completes your requests).

Payment Security

Details of credit cards and payments are fully protected. We do not hold any credit card data on our website as they are passed on directly to the secure payment gateway.
Tenderfield has an SSL certificate in place so that all information transmitted while using the site is encrypted and cannot be decrypted by anybody intercepting the website traffic.
We maintain PCI DSS compliance to the highest security standards set by Visa and MasterCard, under which the site is audited daily to eliminate vulnerabilities. Data is encrypted with Thales devices to offer the highest level of protection available.

Security & Performance

All projects are set up with various levels of accessibility, and users must be added to individual projects in order to access the details for that project. Only authorised project team members have access to their project, not the whole company (other than the company account owner’s – usually the company director’s).
Sub-contractors cannot view or access the details of other Sub-contractors quoting on a project.
Independent testing of the entire site is done by penetration tests to verify our internal policies and regulatory compliance.