maint.works logo

TRUST CENTER

Security and privacy are designed into the architecture.

maint.works combines tenant isolation, access control, encryption and operational resilience controls for multi-company industrial service workflows.

TLS 1.2+

Encryption in transit

Tenant Scope

Company-level data isolation

RBAC + Identity

Role-based access control

Backup + Restore

Continuity planning

Platform Security Controls

Application, identity and infrastructure controls are operated as one model.

Identity and Access Management

  • • ASP.NET Identity session management and password controls
  • • Role-based authorization model for scoped operations
  • • Login lockout and endpoint-level rate limiting
  • • Anti-forgery validation on sensitive state-changing actions

Application Security

  • • XSS and HTML injection surface reduction and sanitization
  • • CSRF protections and secure cookie settings
  • • Rate limiting for public and AI-related endpoints
  • • Security headers (CSP, frame protections, nosniff)

Multi-Tenant Isolation

  • • CompanyId scope filtering for tenant separation
  • • IDOR risk controls on entity-level access paths
  • • Access boundaries across master/dealer/customer hierarchy
  • • Unauthorized scope attempts are blocked and redirected

Monitoring and Incident Handling

  • • Application logging, exception tracking and observability
  • • Auditable records for critical operational actions
  • • Controlled release process for patches and deployments
  • • Escalation and incident response procedures

Azure Infrastructure and Additional Security Options

maint.works is deployed on Microsoft Azure. In addition to baseline application controls, the following cloud security capabilities can be enabled based on enterprise requirements.

Hosting and Network Security

  • • Managed hosting and platform maintenance on Azure App Service
  • • HTTPS/TLS enforcement, certificate lifecycle and secure protocol posture
  • • Optional VNet/Private Endpoint integration for tighter network isolation

Data Protection and Continuity

  • • Azure SQL automatic backups and point-in-time restore (PITR)
  • • Long-term retention (LTR) and recovery scenarios on request
  • • Data protection principles for encryption in transit and at rest

Observability and Incident Visibility

  • • Operational observability with Application Insights and centralized logging
  • • Alerting setup for errors, performance degradation and anomalies
  • • Auditable evidence for incident analysis and post-incident review

Enterprise Security Options

  • • Microsoft Defender for Cloud for posture recommendations and threat visibility
  • • Azure Front Door + WAF and DDoS protection layers (optional)
  • • Azure Key Vault and Managed Identity for secret management (optional)

Note: Optional Azure controls are enabled according to selected plan, architecture and contractual scope.

Data Privacy Approach

Data handling is built around minimization, least-privilege access and controlled retention.

Area Approach Control
Personal data processingPurpose-limited processing for service operationsRole-based access and record-level scope checks
Data transportEncrypted HTTPS/TLS communicationSecure transport and response-header policies
Data retentionRetention windows and controlled lifecycleBackup, restore and deletion workflows
File handlingType and process-aware upload controlsValidation, storage and access constraints

Alignment with International Frameworks

Control design follows widely accepted security and privacy frameworks.

ISO/IEC 27001 and 27701 Principles

Access governance, risk handling, incident workflows and privacy safeguards are designed around these principles.

SOC 2 Trust Criteria Model

Security, availability, confidentiality and monitoring controls are mapped to operational practices.

OWASP ASVS and Top 10 Focus

Controls are prioritized against common attack classes such as XSS, CSRF, IDOR and unsafe upload paths.

GDPR and KVKK Privacy Principles

Data minimization, purpose limitation, retention and data subject request handling are supported as process controls.

Note: This page summarizes technical control posture. Formal certification and contractual scope details are provided during procurement and legal review.

Backup and Restore

Data continuity is planned through backup capabilities, retention policy and controlled restore procedures. Target RPO/RTO levels can be defined per contracted service scope.

Business Continuity

Operational resilience is supported with monitoring, alerting, release controls and post-incident improvement loops for critical workflows.

Security review and documentation requests

For enterprise onboarding, we can support security questionnaire reviews, control-matrix discussions and architecture walkthrough sessions.

Download Security Overview PDF DPA/SLA Request Form Contact Security Team Back to Home