Security
Access Management
All entities in the system are assigned a unique identifier, allowing all activities related to a given entity to be tracked.
Permissions at the application level can be managed through organizational units, roles, and competencies (role groups). Roles can also be imported directly from Active Directory (AD).
TAS supports AD for user synchronization and authentication.
Password policies follow the rules set in AD, or they can be configured for the internal authentication system.
Each user and administrator is granted only the necessary access rights, meaning there is a clear separation between roles such as requesters, approvers, etc.
Software
An agent for malware detection and removal, updated at least once per day, can be installed without interfering with the application's functionality.
The standard release cycle for major versions is three months. Critical fixes are prioritized and released on a weekly basis if necessary.
TAS is designed so that it can be checked for potential vulnerabilities.
Remote code execution from an external source is not possible.
All high and critical vulnerabilities (based on CVE scores) are addressed as a priority. However, some vulnerabilities in dependencies cannot be resolved if updates are not compatible with the application.
Confidentiality and Integrity
The database layer of the TAS application is managed by an MSSQL server, which ensures data confidentiality and integrity through authentication, authorization, transactional processing, and encryption.
TAS supports MSSQL with encrypted communication.
Data confidentiality and integrity are maintained during both backup and archival processes, including storage on backup media. The exception is administrative intervention by database administrators.
Auditability and Non-Repudiation
All changes to processes and data can be audited at the application layer.
The application includes an optional automation feature for exporting logs to a SIEM system.
Application startup and shutdown events are logged at multiple levels (application log, OS log).
User and administrator login and logout events, including failed login attempts, are logged.
System activity records are maintained at multiple levels, each addressing specific aspects of security. However, full compliance with integrity, provability, and non-repudiation principles is not guaranteed at every level.
Cryptographic Measures
Currently, the application supports encryption only for user-uploaded data files, not for all processed data.
Backup and Recovery
TAS allows both continuous and batch backups of all data affected by system usage, including not only database records but also configurations and settings that are created and modified during operation.
Backups can include configurations, database-level data, and attached data files.
Updated
by Anna Gernát