The Ultimate Security Checklist

Secure your login
When logging in to the Notificare's Dashboard, by default, all accounts require to set up Two-Factor Authentication (2FA). 2FA adds an extra layer of security to your accounts. It requires an additional credential – beyond just the username and password – to gain account access. And getting that second credential requires access to something that only belongs to you, like your smartphone. By using an authenticator app, you prevent sharing an account's login credentials. It will ensure you that the access is on a personal level; guaranteed! 2FA is enforced for all Notificare accounts.

In addition, you can enable a Password Policy. This step will offer yet another layer of protection by forcing all accounts to change their password every 45 days. When you enable Password Policy from the app's owner account, all other accounts you share your apps with will inherit this policy.

Get your IP Whitelisted
Besides adding these extra layers of security on the dashboard's interface, you can also add an extra layer of protection to all the back-end apps that use our REST API. Ideally, you want to create accounts with a level of access for your apps whose sole purpose is to gain access to our REST API. Back-end apps can then use these accounts' API Keys to access the Notificare's REST API to perform several operations. From creating campaigns, to import or export data, IP Whitelisting these accounts guarantees that these apps will only be accessing your data from a specific location.

Set Data Retention Policies
To be compliant with your internal data retention policies and with the GDPR, the Notificare's Dashboard lets you configure retention settings for each type of data you store for an application in the platform. The Data Retention settings can be found in the Settings menu of your apps.

If you did not configure these settings yet, the dashboard shows you a warning to accept the default settings of 730 days (2 years) or change them according to your needs. All data older than whatever thresholds you define will be discarded.

Sign the DPA
The Data Processing Agreement (DPA) is a mandatory part of the GDPR and describes who is responsible for processing personal data. Notificare offers a possibility to arrange for a tailor-made document, but in general, it is easier and sufficient to use the Self-Signed DPA. All you have to do is enter the dashboard, go to Your Account > Legal and pick Data Processing Agreement after clicking the New Document button. Sign this DPA and return it to us. We will then make sure that this (signed) document will appear in the dashboard for your reference.

Update legal Contacts
In the Notificare's Dashboard, there is a section where you can update your contact information. With an up-to-date list of contacts, the Notificare's Support Engineers know exactly whom to contact if needed. Make sure this list is always up-to-date so that you can be informed of issues and incidents without any delays. Go to Your Account > Contacts and select New Contact. Fill in your Primary Contact, Data Protection Officer, and EEA Representative.

Subscribe to Warnings
With Push and Email notifications, we'll make sure that you are informed about issues that arise for your application. Warnings like expired certificates, import or export jobs or account related issues. Make sure all your team members are subscribed to email warnings by enabling this in your account.

Share & Revoke Access
Once you've configured all the app's environments (DTAP) you need in Notificare, then you will need to invite all the people who will work with these apps. From your internal staff to 3rd party suppliers, you will be required to define a role and invite them to access your app. Depending on the role you choose, these accounts will have a certain level of access to your apps. And, even more important, as soon as an account no longer needs access to your apps, make sure you revoke its permission.