Software as a Service of TOPdesk

Service set up and design

TOPdesk SaaS is set up to deliver our services efficiently and effectively. Because we are highly specialized and able to automate all common tasks, we can provide our customers with a high quality service at a lower Total Cost of Ownership (TCO) than On-Premises hosting. This setup provides the following benefits to our customers:

• Freedom to choose either SaaS or On-Premises delivery model. And the flexibility to seamlessly switch later on without loss of data. Some restrictions might apply for functionality that is only available on SaaS.
• Data security by design. By maintaining data isolation per organization we provide multiple layers of security by design. Privacy and data ownership needs have been addressed, enabling our customers to use TOPdesk in a GDPR-compliant way.
• Customization and flexibility. Where limited flexibility is one of the most-mentioned drawbacks of SaaS services, TOPdesk provides the same amount of flexibility to customize TOPdesk to your business needs as an On-Premises installation.
• Ownership of data and exit strategy. Your company stays in control of your data. TOPdesk provides full access to all of your data. Backups can be downloaded in an open standard, during the contract and for a set period after your contract with us ends.
• Scalability. TOPdesk makes sure the provided services scale with your business needs: from one TOPdesk installation to full DTAP support, and from several users to corporate scale. 

Hosting TOPdesk environments using industry standard techniques like virtualization, resource sharing, redundancy and automation of operational activities results in lower total cost of ownership in comparison to on-premises installation and high availability of the service.

Changes to TOPdesk are fully automated. Examples are deployment of new production and testing instances for customers, adding or removing modules and functionalities, backups, updates and monitoring. This reduces the risk of human error and makes it possible to respond quickly to customer requests.

Who does what?

We keep TOPdesk running. The data center keeps the server running. And you are in control of the data.

1. An external auditor verifies that TOPdesk’s procedures are adequate to securely process your data, and verifies if TOPdesk acts accoringly (also see certification).
2. The auditor of the datacenter ensures the security measures at each datacenter are up-to-date and working as intended (also see hosting locations).
3. You can inspect the safety of your data at TOPdesk using the information on this page, and by requesting our audit report via your account manager. TOPdesk also has a template data processing agreement available, which you can use to formalize the agreements between TOPdesk as data processor and you as data controller.
4. To verify the safety of the datacenter, TOPdesk has a data processing agreement with each datacenter used for hosting TOPdesk SaaS environments, and inspects the audit reports issued by their auditor.

These data processing agreements and audit reports ensure your data is kept safe, while you remain in full control of your data.

For European customers, we recommend reading our blog about TOPdesk and the General Data Protection Regulation.

Certification

TOPdesk SaaS has an ISAE 3000 type II certificate, which is audited annually, covering the previous period from April to April. The certification report by the external auditor can be requested through your account manager (see Contact us).

ISAE 3000 has been chosen as the most applicable certification for our SaaS services. This international standard, comparable to SOC 2 – Type 2 audits in the US, can be used to check if the risk management systems regarding information security, availability, integrity, confidentiality, and privacy are adequate for the desired goal, and if the targets set by TOPdesk have been met.

A Type II ISAE 3000 certification always concerns the past, as the auditor tests whether the controls were sufficient during a certain time frame.

The ISAE 3000 certification also covers subcontractors. This means that TOPdesk verifies that the datacenters used have sufficient (data) security measures, including relevant audits, and certifications on the services provided (also see Who does what). Our auditor verifies that TOPdesk has requested and inspected the relevant certificates.

An ISAE 3000 certificate also tests information security. This means there is an overlap with ISO 27001. An ISO 27001 audit tests if the management system for information security is adequate and if certain standards are met. In this sense, ISAE 3000 type II has a broader coverage, as the audit also checks whether the control systems were sufficient to accomplish the desired goal.

ISAE 3402 certification is also often mentioned for SaaS services. However, this is a standard for outsourced financial processes. Because the processes in TOPdesk often have no direct link to the (annual) financial reports of your organization, this standard is less relevant for our customers than ISAE 3000.

Hosting locations

TOPdesk currently offers hosting locations in the Netherlands (NL), the United Kingdom (UK) and the United States of America (US). We expect to introduce a Canada (CA) hosting location before Q2 2019.

Customers can choose where their data is stored and verify this location via our Self-Service Portal. Data is never moved to another region without a written confirmation from a SaaS main contact at the customer. Off-site back-ups are stored on a different location within the same region, ensuring the same laws apply.

Datacenter certifications are listed below. You can find more details about our datacenters and their (security) certification by visiting their websites.

Sub processors

Next to these datacenters, TOPdesk currently uses the following sub processors to help provide our TOPdesk SaaS services:

TOPdesk holds all sub processors to the same (or higher) security standards as we have for our own hosting services.

Changes in the sub processors will be announced in advance on our SaaS maintenance page, where you can subscribe for e-mail updates. Should you object to the use of a (new) sub processor, please contact TOPdesk Support or your account manager to discuss which alternatives are available.

Always up-to-date

In TOPdesk, we believe in working in increments: thinking big and starting small. We’ve moved from releasing four versions a year to quick small releases. What does this mean for you as a customer? About every week, you will receive the latest version of TOPdesk with the newest features and bug fixes. Small regular releases, also called continuous deployment, has at least eight benefits.

We also use staged roll-out, where a new version is first released to a small group of test environments and is  released to more and more environments while no bugs have been reported. Find out more about our staged roll-out process on our blog.

Our goal is to release functionality in small increments with no impact. In some cases, it may not be possible to do so. Here we’ll do what is needed to make you aware of the impact beforehand, and offer you options to make the upgrade as smooth as possible.

You can use our websites to stay up to date on (future) developments:

• Big new themes are announced on our product road map. Here you’ll also find our recent releases.
• You can share your suggestions and product feedback on our TOPdesk Innovation Platform. Here you can also see ideas from other customers, and vote on which idea you like best. You can register via our Extranet.
• Changes in our software with a high impact are announced on our product updates blog. You can subscribe using your email address to receive regular email updates.
• We also have a release notes page where you can find all changes, big and small, in our software. You can also open this page from within your TOPdesk environment (Menu > Help > Product news > Release notes) for an overview of relevant updates for your environment.
• We will send you an email when a bug that you reported has been fixed.

Security

Secure hosting

We only allow secure connections to TOPdesk SaaS environments. HSTS preloading is used to ensure all common browsers force users to a secured connection. The strength of our SSL certificate (used to encrypt the connection) is evaluated on a regular basis and currently has an A+ score from Qualys SSL labs.

TOPdesk uses a Content Delivery Network (CDN) for worldwide fast availability of TOPdesk environments, (D)DOS protection, and to block known threats. An intrusion detection system* helps detect attacks against our software in an early stage and will inform our hosting team of any problems.

Additionally, you can use your own intrusion detection system and link this to the TOPdesk access logs. It's also easy to set up an IP restriction for your TOPdesk SaaS envrionment, so only your colleagues can access your TOPdesk environment.

Antivirus and malware definitions are updated daily. File scans during upload, and regular full storage scans, ensure your users can safely work with attachments.

Access to your customer data folder is only possible from your TOPdesk environment, and data is stored so that only the TOPdesk environment that created a file can access it. This dual layer of security ensures that data can never be accessed by unauthorized users.

TOPdesk will also ensure all relevant updates are installed in a timely fashion (see Server management and Always up to date).

Secure software development

Secure coding guidelines ensure our software is of high quality and safe to use. Our measures include:

• Pair programming and code reviews.
• Following secure coding guidelines and test points mentioned in the OWASP list, for example.
• Using standard frameworks and methods to prevent vulnerabilities resulting from programming errors.
• Employing security-specialized developers who initiate knowledge sharing and peer reviews at our Development department.
• Actively keeping track of security issues with external methods used by TOPdesk. This way, we can take follow-up action if such an issue is found.
• Combining automated and manual tests during development and delivery phases.
• Getting external parties to evaluate all our versions before they go live on your production environments.

Penetration tests

An external auditor performs daily automated penetration tests against known threats and OWASP vulnerabilities. These tests are verified by a security expert at least every 3 months. You can also execute your own penetration test, but please inform us beforehand.

These efforts have led to an ISAE3000 type II audit report (see certification), which you can request to verify the security of our procedures and processes.

* currently only available in our NL3 datacenter

Availability & Continuity

In Q4 2018 the average uptime of all TOPdesk SaaS environments during our service window (excluding scheduled maintenance) was 99,960%. 

Several measures ensure the availability of your TOPdesk SaaS environment:

• Our redundant infrastructure ensures that a failing part does not affect availability.
• TOPdesk is installed on virtual machines that can be instantly transferred to another server, should a server fail.
• The TOPdesk database has a primary and secondary database server, ensuring availability in case of a database server failure.
• Several proxy servers in a load balancing set-up ensure heavy traffic does not cause your TOPdesk environment to become unreachable.
• Automated deployment of servers from a CMDB ensures failing servers can be quickly recreated.

Monitoring and incident response

TOPdesk has a 24/7 monitoring system on all TOPdesk SaaS environments and servers. The monitoring system verifies health metrics for every TOPdesk environment, like the (internal and external) availability, database connection, and search index availability. Servers are also tested on relevant metrics, like availability, CPU usage, memory usage, and available disk space.

Should the monitoring system detect a problem, TOPdesk operators are immediately notified. During the night, a 24/7 stand-by shift ensures issues are quickly resolved. Issues affecting multiple TOPdesk environments are published on our status page and via the Self-Service Portal. You can also verify the monitoring results on our portal, and (if desired) immediately schedule follow-up actions like a restart of your TOPdesk environment, or submit a ticket for our Support team.

Back-up procedures

Back-up procedures ensure we can continue to operate in the unlikely event that data becomes unreachable:

• Continuous database transaction logs ensure that we can restore to any point in time for the past 30 days.
• Daily full off-site database back-ups ensure we can restore to any given day from the past week in case of a data center failure.
• Daily off-site attachment back-ups ensure your uploaded documents also remain available in case of a data center failure.
• You can also (automatically) download your own data from TOPdesk, in case you want a separate back-up at your own location. This can also be used as an exit strategy.

Back-up and restore procedures are tested at least monthly. A monitoring system ensures the last restore test for each site was no longer than 30 days ago. As servers are deployed automatically, recovering from a data center loss is hardly different from day to day operations.

Disaster recovery procedures

Our disaster recovery procedures and back-up systems ensure quick recovery times. In over 75% of all cases we are able to restore all services within 15 minutes.

In case of serious failures within a site, redundancy and fail over procedures ensure:

• Recovery Time Objective (RTO): 1 hour.
• Recovery Point Objective (RPO): up to 60 minutes. In most cases less than 1 minute, using Point in Time restore possibilities.

In the unlikely event of a total site failure (datacenter is lost):

• Recovery Time Objective (RTO): services are fully operational for all customers of the lost site, within 5 days.
• Recovery Point Objective (RPO): a maximum data loss of 24 hours is possible.

You can always stay up-to-date regarding the availability of TOPdesk SaaS environments by checking the availability of your environment on our customer portal (https://extranet.topdesk.com) and by visiting our SaaS Status blog.

Access management

Access for users

TOPdesk can link to many identity providers. This means you can easily control who has access to your TOPdesk environment, without setting up a separate login system. Simply link TOPdesk to your existing identity provider (via ADFS, SAML, LDAPS, etc.) and you can log in using Single Sign On (SSO). Our consultants will help you to create a secure link between both systems.

From our customer portal (https://extranet.topdesk.com) you control your TOPdesk SaaS environment. You can manage which users are allowed to request changes to the environment, schedule actions, and request changes. TOPdesk will only execute changes requested by contacts that have previously been registered as 'SaaS main contact' person in our system, to prevent unauthorized changes.

Access for TOPdesk

TOPdesk employees can only access your TOPdesk SaaS environment when you have requested them to do so, for instance when you’ve asked our Support team for help.

All TOPdesk Support staff that might be granted access to your environment will have:

• a certificate of conduct
• a confidentiality agreement in their contract
• completed an extensive training program regarding the TOPdesk products, and hosting related topics such as handling confidential data and security awareness.

You can even determine whether TOPdesk employees can access your TOPdesk environment. You can find the settings for this at 'Functional settings > Login settings > General'.

TOPdesk won't store any passwords for your environment. TOPdesk employees will only have access using a personal account from a secure TOPdesk authentication server.

Also see our privacy policy.

Encryption

Encryption of stored data protects against data theft by someone with access to the discs where the data is stored. TOPdesk has covered this risk in several ways.

The following steps have been taken to prevent theft of data:

• On our NL3, UK1 and US1 datacenter all customer files are stored on encrypted disks, and we keep expanding our encryption options. Our CA1 (Canada) datacenter will only use encrypted disks, both for customer files and TOPdesk databases.
• TOPdesk only uses well-protected data centers to host customer data. 24/7 security guards are present in the data centers and only previously announced persons with a valid ID are allowed in. There is continuous camera surveillance and all server racks have their own lock. This makes it impossible for unauthorized users to acquire the servers or the data stored thereon.
• Data is distributed over multiple disk drives. This ensures that an error on a disk does not cause loss of data, but also ensures that a stolen disk contains only fragments of files and hardly any readable data.
• TOPdesk has a monitoring system that verifies the available disk space on servers. If disks disappear unexpectedly, this monitoring system reports the change to TOPdesk operators who can contact the data center to check for anomalies.
• TOPdesk has data processing agreements with all used datacenters. Datacenter operators are not allowed to handle customer data, and background checks are performed by the datacenter.

A related risk to theft of stored data, is interception of data before it is stored. This risk is covered by only allowing encrypted connections (HTTPS) with TOPdesk SaaS environments. HSTS preloading ensures all connections are automatically started using HTTPS by all common browsers.

Regular checks determine whether there are known errors in used communication protocols, after which unsafe protocols are disabled as soon as possible. These measures resulted in an A+ score for the TOPdesk SaaS SSL certificate on Qualys SSL Labs, an independent party that assesses the strength of secure connections.

Exit strategy

Data saved in your TOPdesk environment remains your property. We offer a default and easy way to retrieve your data from our software, when you terminate your contract with us for example. You can, at any time, download your database and attachments via your TOPdesk environment.

After terminating your contract, we keep your data for 30 days and remove it automatically after this period. To ensure that your data is completely deleted, we have an automatic system with built-in control mechanism for the deletion. We also have a monitoring system that actively scans folders, databases and live environments for data that should have been removed.

If you have not already downloaded your data, you can contact TOPdesk Support to request a copy. Up to 30 days after terminating your contract, one of your SaaS main contacts can requests your data through our Self-Service Portal. Upon this request, we’ll send you the data as soon as possible through a secure connection. All data comes in a regular file format.

Contact us

If you have any questions about our SaaS hosting, don’t hesitate to contact TOPdesk Support for more information.

Responsible disclosure

We appreciate customers and security researchers reporting vulnerabilities in our software and infrastructure to us.

If you plan to execute a test on our product or SaaS infrastructure, please contact your account manager or our Support department and ask for the collaboration agreement that we have in place for this purpose. It provides guidelines on how to responsibly test our services and work together with us, which for instance prevents our security team from interfering with your tests when detected by our monitoring.

Read more about how to report findings on our responsible disclosure page.

Response time

All security incidents are treated with high priority. Our Support team is trained in recognizing security incidents and will escalate these requests to a security expert.

We aim to provide customers with an indication on the severity and possible mitigating steps within 1 working day. For the fastest response, please call our Support team to report a possible security issue.

If a modification in the product is necessary to remedy a vulnerability, we start working on that immediately and aim to incorporate it in the next release of our product.