Providing information security for the world's biggest projects
Aconex offers an extremely scalable, highly reliable platform for managing information and processes for construction and engineering projects. We've invested over a decade in an enterprise-class cloud infrastructure offering multiple levels of security for cloud-based, project-wide collaboration. We continue to evolve our model to address a constantly changing threat landscape and to ensure your data is always protected. We know our business depends on earning your trust every day, and we take our responsibilities very seriously.
Confidentiality, integrity and availability
Certified to a global standard
The highest international standard for security management practices, ISO 27001 details requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information management system. We’ve been certified since 2011.
We offer sophisticated security options which span three levels of control—organization, project and user. Configurable options protect user logins, including password and access rules and a sophisticated role-based user security management system.
2-Step Verification is optional at the project level. Aconex also supports SAML (the Secure Assertion Markup Language) which facilitates integration with Single Sign On providers.
Aconex uses signed 2048-bit SSL keys for all HTTPS traffic to ensure all information is encrypted across the public internet while in transit. Client data can be protected by an encryption-at-rest solution in both primary and disaster-recovery sites.
Our instances are co-located in geographically redundant data centers that are selected based on strict criteria, to address performance, security, data sovereignty and redundancy requirements. All data centers comply with the Uptime Institute's TIA 942 III or better.
Committed to your data security
We undergo annual external audits and recertification audits every three years to ensure compliance with ISO 27001.
An independent third party undertakes penetration tests against our network, web application and mobile apps every quarter to verify our internal policies and regulatory compliance.
Testing for vulnerabilities
Aconex undergoes annual web and mobile vulnerability testing and social engineering testing. In these tests, we have been rated as "highly secure."
Each data center undergoes annual audits to ensure they continue to meet our service-level requirements.