register your company

Questions about Data Protection & Privacy

  1. Who can see the data I enter into Shipping KPI System?
  2. Can somebody outside of my company access individual vessel data?
  3. What measurements did you take to secure Shipping KPI System?
  4. So my data is absolutely safe?

Answers

  1. Who can see the data I enter into Shipping KPI System?

    All data entered or uploaded by you into the Shipping KPI System is tagged as owned by your company account.

    The system ensures, that any data related to a single ship can only be viewed and accessed in any other form by other users of the same account, ie. your direct colleagues.


  2. Can somebody outside of my company access individual vessel data?

    No! Individual ship data of your account is only available to you and other users of the same account. 

    Aggregated ship data (ie. averages of several ships) is only presented, if at least 10 ships of 3 different users have contributed to that aggregation. We call this the rule of three and this rule prevents a user from seeing individual data by applying a specific filter during benchmarking.


  3. What measurements did you take to secure Shipping KPI System?

    Security and data protection is an integral part of the Shipping KPI System. Without becoming too technical some of the measurements taken are:

    • state of the art firewall protection based on Amazon EC2 technology
    • minimal number of open ports (limited to HTTP, HTTPS and SSH)
    • access via SSH with public key authentication only
    • web traffic encryption (HTTPS) for all authenticated usage
    • intensive logging and audit of all access and access attempts
    • implementation of security guideline as defined by Open Web Application Security Project (OWAS) in regards to:
    • Cross Site Scripting (XSS)
    • Injection flaws, particularly SQL injection
    • Insecure Direct Object Reference
    • Cross Site Request Forgery (CSRF)
    • Information Leakage and Improper Error Handling
    • Broken Authentication and Session Management
    • Insecure Cryptographic Storage
    • Insecure Communications
    • Failure to Restrict URL Access


  4. So my data is absolutely safe?

    As described above several measurements have been taken to ensure the safety and security of the Shipping KPI System. But still we need to be wise enough to admit, that any application published on the internet can be subject to viral attacks.

    As a consequence no internet based application can be regarded absolutely safe and this includes the Shipping KPI System. At the same time we will continue to work with the community and other experts to make the Shipping KPI System as safe as possible by applying all available upgrades to software and framework.


BIMCO Shipping KPIs website uses cookies to ensure you get the best experience. You can find more information about cookies in our Privacy Policy.

Got it!