Lattira Data and Security
The cloud has proven to be a reliable and secure choice for even the largest organizations, and is fast becoming the most trusted data solution. This page provides details about how we keep your data safe and secure. Considerations are also provided for confidential projects and for projects where information cannot be stored in the cloud.
The Lattira Spec platform
1.1 Cyber Essentials Plus accreditation
Hubexo has achieved Cyber Essentials Plus accreditation. This is a UK Government certification scheme, with standards designed to protect businesses from cyberattacks. Following the standards of this certification means that Lattira is practising preventative cyber hygiene, such as having firewalls enabled and using multifactor authentication. View the certificate.
1.2 Additional security testing
We test our platform against the Google VSAQ (Vendor Security Assessment Questionnaire) – the process that Google uses to assess vendor security to ensure the highest levels of compliance.
VSAQ is a collection of adaptable questionnaires for evaluating a given vendor's security and privacy posture. Whilst we do not publicly publish the results of this questionnaire, we can make this information available upon request. For further details on VSAQ, click here.
Furthermore, we perform regular penetration testing on the Lattira software platforms, in line with the latest National Cyber Security Centre Guidance.
1.3 Data storage
All data within Lattira Spec is stored in secure data centres in London, operated by Amazon Web Services (AWS).
The AWS cloud is a network of remote servers hosted on the internet that store, manage, and process data in place of local servers or personal computers.
Lattira Spec runs with AWS's state-of-the-art infrastructure, and uses its comprehensive security features to enforce rigorous access control and defend against threats such as DDoS attacks. Our policy is to keep data encrypted in transit and at rest, wherever possible, to eliminate the possibility of any unauthorized access.
1.4 Data ownership
Lattira claims no ownership rights to data entered into Lattira Spec by users. All of the intellectual property rights in the Lattira Spec service, Lattira content and any materials or software created or used in the provision of training are, and shall remain at all times, the sole and exclusive property of Lattira or its licensors.
1.5 Data backup
Our infrastructure is designed to be extremely reliable and uses the latest cloud technologies to minimize the risk of any data loss. Data is continually backed up, with a restoration window target of five minutes (the maximum potential period of any data loss in the unlikely event of a problem). In addition, data and backups are stored on systems with designed durability of 99.999999999%, giving robust protection from component failure leading to data loss.
2. Working on more confidential projects
When working on more confidential projects, Lattira Spec allows for further restrictions to be applied. In addition, expert guidance is available on the Centre for the Protection of National Infrastructure (CPNI) website.
2.1 Hide project names from colleagues
Within Lattira Spec, all users added to an organization's licence can see the project names. At the project level, there is an option to control which colleagues can and cannot see a project's name.
Restricting information on confidential projects in Lattira Spec
Further guidance covering the Lattira Spec options in this area is available at the support page below:
https://support.thenbs.com/support/solutions/articles/7000067042-confidential-projects
2.2 Data permissions
With respect to the specification information within a project, it is possible to grant access levels at the specification level. For example, an architect at a multidisciplinary practice working on a project may be given contributor permissions to the building fabric specification and read-only permissions to the structural specification, but not granted access to the specification for the access control, CCTV and building management systems.
Restricting specification access within Lattira Spec
Further support information on the restricted access features in Lattira Spec is provided below:
https://support.thenbs.com/support/solutions/folders/7000040461
2.3 Enhanced organization access control
Lattira Spec access can be configured to work within an organization's single sign-on authentication scheme. This can improve security by:
- Ensuring that, when they leave the business, colleagues are removed from all applications they may have had access to.
- Allowing administrators to apply enhanced rules on password strength.
- Enabling multifactor authentication, such as two or more pieces of evidence (e.g. remembering a password and receiving a code on a mobile device).
2.4 Security-minded tips
Over and above software considerations, there are many additional security-minded considerations. Specifications may be printed out, emailed to external organizations, copied to portable storage devices and distributed in a multitude of ways.
With this in mind, a confidential project may have policies in place such as:
- Not including the real project name or address in the specification. For example, a code name such as 'Project Alpha' may be used. Consider a specification being found on a portable storage device or even printed out and lost – on confidential projects, it may not be prudent to have an identifiable project name on the header or footer.
- Not including identifiable names in the specification, if doing so is not necessary. In particular, organization-level email addresses may be more appropriate; for example, info@abc-design.com and not john.doe@abc-design.com.
- Use names that make it more difficult to identify assets. For example, 'Doorset Type C' and not 'Doorset to secure storage room'.
Further information on a security-minded approach to digital engineering can be accessed at the link below:
https://www.cpni.gov.uk/security-minded-approach-digital-engineering
3. Working on projects that are not allowed on the cloud
On the most secure projects, where all information must be securely controlled in an offline environment, it is still possible to use Lattira, but in a much less functional way.
It is possible to access Lattira Spec to download the latest specification templates in DOCX (Microsoft Word) format.
This would then allow the specification to be developed in an offline word-processing tool.
Depending on the specific project procedures for read-only internet access, access to Lattira Spec and Lattira Source may be allowed so that the technical guidance, suggested specification values, links to reference documents and manufacturer information can be viewed.
