Security Questions

Security Questions that are often asked during the purchase process

| Question | Answer (Yes/No) | Comments & details |
| --- | --- | --- |
| 1. Do you have an information security policy? | Yes | |
| 2. Do you have a process to conduct regular and comprehensive cyber risk assessments? | Yes | We perform yearly penetration tests on our environments. |
| 3. Do you have a security certification such as SOC 2 Type II or ISO 27001? If yes, can you provide the reports? | No | We do not have certifications yet, but we are working towards the NIST framework and are aiming for SOC II compliance next year. |
| 4. Do you process personal information? If so, are you in compliance with privacy laws such as the Personal Information Protection and Electronic Documents Act of Canada (PIPEDA) or the laws on the protection of personal information in Quebec (including its amendments under Bill 64/Bill 25) or any other law applicable to your jurisdiction? If not, what is your plan to comply with your legal framework? | No | We don’t process any personal information. |
| 5. How do you protect data in motion and at rest? | Yes | All our project data lives in M365, and it is protected at rest with Microsoft encryption. We use DLP policies, conditional access policies, and Microsoft Defender to protect data in motion. |
| 6. Is there any segregation of customer data? | Yes | Customer data is protected by permissions and Azure Information Protection sensitivity labels, and can only be accessed on corporate devices by users with the correct permissions. |
| 7. Where are your data centers that could host our data located? | | All our data is in M365 and hence in Microsoft-hosted data centers. |
| 8. Do you apply an access control policy to access customer data? | Yes | Customer data is protected by permissions and Azure Information Protection sensitivity labels, and can only be accessed on corporate devices by users with the correct permissions. |
| 9. Do you use secure application development (SDLC) practices? | Yes | All our code is checked in to TFS online and safe coding guidelines are followed. |
| 10. Do you have the security tools in place to protect yourself from cyber attacks? If yes, please specify. | Yes | SoHo uses Microsoft Defender, which enables us to use safe links, safe attachments, anti-spam and anti-malware policies to protect our tenants from cyber attacks. |
| 11. Is there a vulnerability management program in place? | No | |
| 12. Do you regularly perform penetration tests of your infrastructure? Do you have a frequency? | Yes | Penetration tests are performed annually. |
| 13. Do you perform logging and monitoring of your infrastructure activities? | Yes | All our infrastructure is in the cloud and doesn’t need server logging. Activity and sign-in logs are currently maintained through MS Cloud App Security, and we are in the process of implementing SIEM logs using MS Sentinel. |
| 14. Do you have an incident management process? | Yes | Please find our incident management policy attached. |
| 15. For outsourcing of critical IT services, do you consider cyber security risk as part of your due diligence process? | Yes | Since our internal IT services are in the cloud, they are globally available. We do our due diligence using the MS endpoint management software, Intune, and make sure our data is accessible and downloadable only on corporate devices. |
| 16. Do you have a business continuity plan (BCP) or a disaster recovery plan (PRA)? If so, are tests carried out, and on which date? | Yes | We use Datto SaaS Protection for backing up our M365 environment, and restores are tested every 6 months. The BCP is included in the InfoSec policy. |
| 17. Do your employees and consultants undergo criminal background checks? Do they sign confidentiality and non-disclosure agreements? | Yes | These are a part of our onboarding procedures. |
| 18. Do you have an information security awareness program and contextualized training for database administrators and developers? | Yes | We provide annual cybersecurity training to our end users. |
| 19. Do you have a cyber insurance contract in force? | Yes | We have Cybersecurity Insurance. |

How to cancel my subscription

To cancel your Recurly subscription

You need to create a Recurly account to cancel your subscription.

To create an account, go to this URL:

https://sohodragon.recurly.com/account/create_account

If you need to reset your password, note that the Recurly password-reset email may end up in your spam/junk folder.

Once logged in, you can cancel your subscription.

How to edit a PDF file directly

The logic behind the dynamic URL

https://pdf.sohodragon.com/?SiteID=sohotd.sharepoint.com,74560a4a-713c-425e-ae0f-dcf43bda5291,39c4156d-5c5c-45f6-8d85-023acad0a6c9&LibraryName=Documents&FilePath=%2F200page%20Doc-pspdf%20bookmarks-adobe%20outlines-test-2%20(3).pdf&U=admin@sohotd.onmicrosoft.com

SiteID={tenant}.sharepoint.com,{siteId},{webId}

LibraryName={FolderName}

FilePath={pathRelativeToLibrary}

U={currentUserEmail}
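
The parameter layout above, as an added example that is not SoHo Dragon's own code: a builder that percent-encodes each value and a parser that rejects links not matching the template. The function names and the validation rules (GUID shape, leading slash in FilePath, email shape of U) are assumptions inferred from the template and the sample URL.

```javascript
// Added example: builder and validator for the PDF Editor link format above.
const EDITOR_BASE = "https://pdf.sohodragon.com/";
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const SP_HOST = /^[a-z0-9-]+\.sharepoint\.com$/i;

// Build the link. encodeURIComponent writes spaces as %20, as in the page's sample.
function buildEditorUrl({ tenant, siteId, webId, libraryName, filePath, userEmail }) {
  const params = {
    SiteID: `${tenant}.sharepoint.com,${siteId},${webId}`,
    LibraryName: libraryName,
    FilePath: filePath,
    U: userEmail,
  };
  const query = Object.entries(params)
    .map(([name, value]) => `${name}=${encodeURIComponent(value)}`)
    .join("&");
  return `${EDITOR_BASE}?${query}`;
}

// Parse a link into its parts; throw if it does not match the documented shape.
// The checks are assumptions inferred from the template and the sample URL.
function parseEditorUrl(link) {
  const url = new URL(link);
  const get = (name) => {
    const value = url.searchParams.get(name);
    if (!value) throw new Error(`missing parameter: ${name}`);
    return value;
  };
  const [host, siteId, webId, ...extra] = get("SiteID").split(",");
  if (extra.length || !SP_HOST.test(host) || !GUID.test(siteId) || !GUID.test(webId)) {
    throw new Error("SiteID must be {tenant}.sharepoint.com,{siteId},{webId}");
  }
  const filePath = get("FilePath");
  if (!filePath.startsWith("/")) throw new Error("FilePath must start with /");
  const userEmail = get("U");
  if (!/^[^\s@]+@[^\s@]+$/.test(userEmail)) throw new Error("U must be an email address");
  return { tenant: host.split(".")[0], siteId, webId,
           libraryName: get("LibraryName"), filePath, userEmail };
}

// Round trip with constructed values (the GUIDs and names below are made up).
const demo = buildEditorUrl({
  tenant: "contoso", siteId: "11111111-2222-3333-4444-555555555555",
  webId: "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", libraryName: "Documents",
  filePath: "/Reports/Q1 summary (final).pdf", userEmail: "user@contoso.example",
});
console.log(demo, parseEditorUrl(demo));
```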

Error – A silent sign-in request was sent but none of the currently signed in user(s) match the requested login hint

If you see this error message:

AADSTS50058: A silent sign-in request was sent but none of the currently signed-in user(s) match the requested login hint.

You are seeing this error because you attempted to open the PDF Editor in a browser that is currently signed in to a different M365 tenant.

There are 2 options for this scenario.

Option 1

  1. Clear the browsing data to remove the session that is currently stored in the browser.

Chrome

… menu > More Tools > Clear browsing data > Last 24 hours > Clear Data

https://support.google.com/chrome/answer/2392709?hl=en&co=GENIE.Platform%3DDesktop

IE

… menu > Settings > Privacy, search and services > Clear browsing data > Choose what to clear > Last 24 hours > Clear Now

https://support.microsoft.com/en-us/microsoft-edge/view-and-delete-browser-history-in-microsoft-edge-00cf7943-a9e1-975a-a33d-ac10ce454ca4

Option 2

Open the PDF Editor in an Incognito browser window. This starts a clean session so you can authenticate properly.