Is Gamfi People Platform safe?
Gamfi People Platform undergoes regular security testing that allows us to assess the technological and organizational measures in place. Our ISO 27001:2022 certificate.
Here are the steps we have taken to ensure your safety:
1️⃣ Two-Factor Authentication (2FA)
This feature is optional and applies to logging into the Admin Panel. How does it work? The administrator logs in using, for example, their email address and password, and then receives an additional authorization code via SMS (the SMS code is valid for 10 minutes and allows up to 10 incorrect entries).
If you would like to use this feature, please contact your Application Manager.

2️⃣ Manual and automatic account deletion
Account deletion is possible manually, for example, when the personal data processing deadline expires, or automatically after a specified number of days have passed since the last action in the workflow was released. This feature is recommended for offboarding workflows.
3️⃣ Automatic User Session Timeout and Logout
Two values can be set in the Admin Panel under Application Settings:
- Automatic Session Timeout (Inactivity Timeout): the time after which the user will be logged out if they are inactive.
- Absolute Session Timeout: the maximum session lifetime, regardless of user activity.
☝🏻 The recommended values according to OWASP for our application are 30 minutes and 8 hours, respectively.
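How the two timeouts interact, as an added example that is not Gamfi People Platform code: the absolute limit is checked first so that activity can never extend it, and a request arriving after expiry does not revive the session. The names `Session`, `session_state`, `touch`, `expires_at` and `replay` are hypothetical, and treating a session as expired at exactly the limit is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Values the page recommends for this application (per OWASP).
INACTIVITY_TIMEOUT = timedelta(minutes=30)
ABSOLUTE_TIMEOUT = timedelta(hours=8)


@dataclass
class Session:
    created_at: datetime     # set once at login, never refreshed
    last_activity: datetime  # refreshed on every accepted request


def session_state(s: Session, now: datetime) -> str:
    """Return 'active', 'expired_absolute' or 'expired_idle' at time `now`."""
    # The absolute limit is checked first: activity must never extend it.
    if now - s.created_at >= ABSOLUTE_TIMEOUT:
        return "expired_absolute"
    if now - s.last_activity >= INACTIVITY_TIMEOUT:
        return "expired_idle"
    return "active"


def touch(s: Session, now: datetime) -> bool:
    """Record a request; an expired session is rejected and not revived."""
    if session_state(s, now) != "active":
        return False
    s.last_activity = now
    return True


def expires_at(s: Session) -> datetime:
    """Earliest moment the session ends if no further request arrives."""
    return min(s.last_activity + INACTIVITY_TIMEOUT,
               s.created_at + ABSOLUTE_TIMEOUT)


def replay(request_minutes):
    """Replay requests (minutes after a constructed login time) and return
    the state seen by each request."""
    login = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed
    s = Session(created_at=login, last_activity=login)
    states = []
    for m in request_minutes:
        now = login + timedelta(minutes=m)
        states.append(session_state(s, now))
        touch(s, now)
    return states
```

A user who sends a request every 20 minutes never hits the inactivity timeout but is still logged out at the 8-hour mark.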
4️⃣ Password Policy
- The minimum password length in Gamfi People Platform is 12 characters.

☝🏻 If someone previously had an 8-character password, they can still use it. However, when activating a new account or resetting their password, they will be required to set a 12-character password.

- The account is temporarily locked after five failed password attempts by the user; the lock is lifted automatically after 15 minutes.

5️⃣ Content Security Policy (CSP)
This is a security mechanism built into browsers that allows applications to specify from which sources resources such as scripts, styles, images, and frames can be loaded. This reduces the risk of malicious code being injected and executed (e.g., XSS attacks).
☝🏻 CSP also allows you to enforce the use of only trusted domains and protocols, making it difficult for data to leak to unauthorized services. A strong CSP policy increases user trust, reduces the risk of attacks, and supports compliance with security regulations (e.g., ISO 27001, SOC 2). Currently, we only allow services like Vimeo, YouTube, etc. in the Gamfi People Platform.
6️⃣ Other security measures compliant with the OWASP Application Security Verification Standard (ASVS)
- Blocking the ability to enumerate user accounts during login via "Imported ID";
- Invalidating MFA codes on expiration or incorrect code entry;
- Protections regarding editing administrator accounts in the panel: an administrator cannot change data in another administrator's account. Such data can be changed by a user with the "Gamfi Admin" flag (this is an internal Gamfi People Platform role that is not visible to the client-side administrator);
- Blocking the editing of administrator accounts through adding a new user to the application or starting a process (and adding a new user).