For almost two decades, Digicast has been serving the corporate webcasting needs of our clients. Security and privacy compliance is part of our DNA.
As with other Digicast products and services, icastPro implements best of class security and data privacy practices in terms of development and operations.
This document will give you an overview of our commitment to provide you a secure application, which respects the personal information of you and your participants.
Access control
Types of endpoints
icastPro, being a webcast platform, provides access to 2 types of web endpoints:
- The icastPro application (Administrator and Manager) which allows organizers to create and manage their webcasts and speakers to produce the content webcasted,
- The webcasts interface that allow participants to watch the webcast and use interactivity tools
Types of users
- Participant:
- User watching a webcast,
- has access to webcast interface.
- Collaborators (Client)
- can log in to the icastPro Manager,
- has access to webcasts that have been assigned
- can direct the webcast (advance slides, manage questions)
- has access to participation analytics.
- Organizers (Client):
- has the same permissions as collaborators, plus:
- can manage participant access to the webcast
- can invite collaborators to assist
- can see results to polls, votes, and motions.
- can place orders for new webcasts
- Client Admin:
- can log in to the icastPro Manager,
- has full management access to all webcasts in the organization
- can invite organizers and collaborators to the organization
- Digicast Staff
- Has access to the icastPro Adminsitrator,
- must use domain credentials (SSO) with MFA
- can add new organizations and client accounts,
- can create and manage webcasts,
- can manage all webcast content
Users Accounts Management
- All icastGo application accounts credentials are defined by respective users
- no credentials secrets are stored unencrypted
- roles privileges are defined/stored within the application
- a semestrial review of admin assignation is performed by the product team.
Authentication
- Participants are authenticated by SSO, or an email-provided token (magic-link)
- Other users are authenticated by a credentials pair including their email address and their password
- Passwords are defined by users by using an email-provided activation link before first login
Note: MFA authentication is used for sensitive users (Level 3) access at infrastructure level. MFA is likely to be generalized for all application users if enabled by organizers in the coming releases.
Audit, Accountability and Monitoring
- Application logs identifying relevant information to perform security audits are available to support levels 2 and 3 members.
- All third party software or platforms are providing logs with equivalent levels of detail.
- Logs are securely stored and secured with proper access controls as defined by Digicast policies.
- The application is audited frequently by our customers and auditor accesses are made available upon tactical motivated request.
Security Awareness
- Organizers training path includes security-specific modules about webcast contents
- Support agent training includes general overview of sensitive scenarios that could lead to leak of confidential information
- Developers and product team, including support agents, are subject to Digicast policies
Monitoring and Incident Response
- Proactive application monitoring is available during opening hours as well as during special events,
- Level 2 support team has access to corresponding live application logs
- Level 3 support a.k.a. devops team, is available upon request of Level 2 members to investigate live on all application aspects.
- Incident report is available upon request or, for major outages, proactively provided to active organizations.
Contingency Planning
- Databases and artifact storage are geo-replicated in real time
- Databases and artifact storage backups are performed each 24 hours
- Redundancy and realtime fallback are part of Digicast DNA for two decades