For almost two decades, Digicast has been serving corporate webcast needs. Security and privacy compliance is part of our DNA.
As other Digicast products and services, icastGo is applying best of class security and data privacy practices in terms of development and operations.
This document intent to give you an overview of our commitment to provide you a secure application which respects yours and your participants personal information.
Access control
Types of endpoints
icastGo, being a webcast platform, provides access to 2 types of web endpoints:
- The icastGo application which allows organizers to create and manage their webcasts and speakers to produce the content webcasted,
- The webcasts interfaces that allow participants to watch the webcast and use interactivity tools
Types of users
- Participant:
- User watching a webcast,
- has access to webcast interface.
- Organizer:
- has access to the icastGo application,
- access is restricted to his/her organization,
- is able to manage webcasts, participants and speakers,
- manages webcast content,
- manages interactivity content (polls, questions),
- Has access to participation analytics.
- Speaker:
- Has access to the icastGo application,
- is able to participate to a specific webcast,
- is able to provide related content,
- has access to read interactivity content (polls, questions).
- Administrator
- Has access to the icastGo application,
- access is restricted to one or several organizations,
- is able to manage webcasts, participants and speakers,
- manages webcast content,
- manages interactivity content (polls, questions).
- Has access to participation analytics.
- Super Administrator
- has access to the icastGo application,
- assigns Administrator organization(s)
Users Accounts Management
- All icastGo application accounts credentials are defined by respective users
- no credentials secrets are stored unencrypted
- roles privileges are defined/stored within the application
- a semestrial review of admin assignation is performed by the product team.
Authentication
- Participants are authenticated by an email-provided token (magic-link)
- Other users are authenticated by a credentials pair including their email address and their password
- Passwords are defined by users by using an email-provided activation link before first login
Note: MFA authentication is used for sensitive users (Level 3) access at infrastructure level. MFA is likely to be generalized for all application users if enabled by organizers in the coming releases.
Audit, Accountability and Monitoring
- Application logs identifying relevant information to perform security audits are available to support levels 2 and 3 members.
- All third party software or platforms are providing logs with equivalent levels of detail.
- Logs are securely stored and secured with proper access controls as defined by Digicast policies.
- The application is audited frequently by our customers and auditor accesses are made available upon tactical motivated request.
Security Awareness
- Organizers training path includes security-specific modules about webcast contents
- Support agent training includes general overview of sensitive scenarios that could lead to leak of confidential information
- Developers and product team, including support agents, are subject to Digicast policies
Monitoring and Incident Response
- Proactive application monitoring is available during opening hours as well as during special events,
- Level 2 support team has access to corresponding live application logs
- Level 3 support a.k.a. devops team, is available upon request of Level 2 members to investigate live on all application aspects.
- Incident report is available upon request or, for major outages, proactively provided to active organizations.
Contingency Planning
- Databases and artifact storage are geo-replicated in real time
- Databases and artifact storage backups are performed each 24 hours
- Redundancy and realtime fallback are part of Digicast DNA for two decades