¶ JOIN Agenderen
JOIN Agenderen offers an environment for preparing meeting agendas, publishing, and distributing meeting documents online. Documents from JOIN Case & Document (in the official phase) can be recorded and ordered (in the agenda phase) then published for various solutions (for the meeting phase).
¶ Vergader App
An iPad application that connects to the published documents from JOIN Agenderen so that these documents can be viewed digitally during the meeting.
the VergaderApp is supported until 31-12-2022
¶ Architecture
Agenderen’s architecture consist of 3 main components Frontend, Meeting publisher worker and JOIN Case and Document connection using JOIN Connect WCF Service. All the meetings are always retrieved from JOIN case and document, so they are always latest and when the meeting is finished it is sent to meeting publisher. Meeting publisher creates the pdf of meeting and convert all the meeting files to pdf and securely stores it in Cloud storage which can be retrived any time.
Also, It notifies all the configured vendors about meeting’s update. Using OData service vendors can retrieve meeting, metadata and meeting files.
¶ Security
Join Agenderen uses cloud IDP service to manage user identities and licensing information. Decos is an ISO-27001 certified company. This well-known security standard runs a wide variety of security measures that cover the entire company and all processes. Using an Information Security Management System (ISMS), all processes involved in the development, hosting and support of the JOIN Application are covered.
¶ The certification covers:
► Security Policy
► Device Management
► Personnel Management
► Access Management
► Storage & Encryption Management
► Vendor Management
► Incident Management
► And More
Our ISO certification and Statement of Applicability can be shared with customers upon request.
Microsoft Azure is our host provider and has a wide variety of ISO certifications. ISO-27001 is one of them. See https://servicetrust.microsoft.com/ for full details.
¶ To test
ISO-27001 ensures that software security is included in our development processes. A security checklist based on the OWASP Top 10 is known to all developers and is part of the Definition of Done (DoD).
Automated security
Additional security is automatically tested using tooling. All developers use OWASP ZAP to scan their applications. The Quality Assurance department monitors the software release candidates using BurpSuite and reports to the Product Owners and Security Officers at Decos.
¶ Penetration Tests
Apart from testing using tools, all products in the JOIN Suite are subject to an external audit at least once a year. This audit is a requirement for ISO-27001, but it is also a requirement of Logius to be able to link applications to DigiD. The auditors also conduct a thorough penetration test.
Decos also has an internal penetration testing scheme in which the developers try to hack into each other’s applications. This is a recurring process and part of our ISO-27001 procedures.
¶ Responsible Disclosure
It is possible that there are still bugs in the released software. We ask ethical hackers to work with us using a Responsible Disclosure Policy. We will reward any security issue that was not yet known to us, as long as the hacker has not abused his findings.
See our Responsible Disclosure Policy online: https://www.decos.com/en/security .
¶ Encryption and Backup
All data is captured in a Microsoft Azure Recovery Services Vault with a minimum storage time of 30 days. This applies to all files stored in the applications as well as in the databases.
All data is encrypted at rest. Storage Accounts using Azure Storage Encryption ( https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption Z ) and databases are encrypted at rest using Transparent Data Encryption ( https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data- encryption-tde-overview?tabs=azure-portal)
The recovery point objective (RPO) can be anywhere in the retention periods. The recovery time objective (RTO) is considerably limited. Depending on the amount of data being saved, the recovery process is usually completed within an hour.
¶ Integrations
JOIN Agenderen is integrated only with JOIN Case and Document while preparation phase. Once the meetings are over it can be integrated with below but not limited to vendors.
- Agenderen iOS App
- GO
- iBabs
- Minute
- Notubiz
- SIM
¶ Performance & Scalability
JOIN Agenderen is hosted in Microsoft Azure data centres in the Western Europe region. JOIN Agenderen is only a cloud solution and cannot be hosted on site. By leveraging the power of Microsoft Azure, Agenderen’s uptime is at least 99.95%.
Agenderen’s data is stored in cloud and can be retrieved at any time in future.
¶ Browser support
Major browsers like Chrome, EDGE and Firefox are supported for JOIN Agenderen.