Virtual infrastructure security policy can be split into the following parts:


  • Network security 
    • Complete production infrastructure is isolated from non-production networks and other solutions provided by OptimiDoc. Direct access to virtual infrastructure is forbidden from non-production networks to servers and network devices in a production network. 
    • Only temporary access from OptimiDoc offices is allowed to realise maintenance and upgrade operations. 
  • Access policy 
    • OptimiDoc Cloud follows the principle of least privilege. Organisation responsibility is divided amongst organisations, and specific roles are assigned to manage those responsibilities. 
    • MFA is required for all employees across the organisation. 
  • Update and maintenance policy 
    • OptimiDoc periodically monitors and applies the latest application and operating security patches. 
  • Intrusion protection 
    • Microsoft Azure Environment protects against network intrusion, data theft, and other threats like malware (even at the hardware level) and DoS attacks.