Cyber security principles

Top Previous Next

The below security principles are implemented to protect the MESPAS infrastructure and relevant sensitive customer information against all forms of harmful cyber-attacks.

MESPAS TSM

•Multi-tenant database

•Clients use SSL to communicate with servers (Dual SSL)

•Synchronisation:
Online: runs over dual SSL
By email: each file is individually encrypted, per vessel, and has a checksum against changes

•Passwords are encrypted in the database

•Documents are encrypted (name and content) on the servers

•Communication between MESPAS TSM and MESPAS Supplier Business Management (SBM) goes through encrypted channels

•An audit trail is kept in log files and on the database

Cloud:

Architecture

•The system operates on a secure, multi-region cloud infrastructure (Google Cloud Platform). This setup provides redundancy, high availability, and resilience against regional outages.

Backup of Cloud Data

•Central database: Automated daily snapshots are performed and securely stored to ensure data integrity and availability.

•Offshore vessel database: Data is backed up with every synchronization between the vessel system and the central database.

Disaster Recovery Procedure

•Central database: Point-in-time recovery is supported and can restore data to a specific timestamp (hh:mm:ss) within the last seven days.

•Offshore vessel database: Recovery can be performed to the state of the last successful synchronization.

Recovery Objectives

•RTO (Recovery Time Objective): 15–20 minutes

•RPO (Recovery Point Objective): 24 hours

MESPAS Supplier Business Management (SBM) and MRV

•Access via HTTPS only

•Passwords are encrypted on the database

•An audit trail is kept in log files and on database

•Credit cards are not stored (and managed by Invoiced)

MESPAS Reporting Engine

•Access via HTTPS only

•Multi tenant database to ensure clear client-data separation

General

•Servers are located in Europe

•Access to the servers is controlled by firewalls (only through https-ports)

•Administration access to the servers happens fully encrypted and is only possible from within Mespas offices for the operations team or via dedicated VPN channels

•Clear roll distribution of access to the systems