What security measures does ]u[ Ubiquity take with the journals platform?

Journals application


]u[ Ubiquity Journals are built using the latest stable version of the OJS3 platform distributed as open source by the Public Knowledge Project on their GitHub page. This means that the version is approved by the PKP Release Team and tested by the community. The application includes both open source and proprietary plugins developed by ]u[ Ubiquity. The automated release process includes QA and unit-testing steps that ensure the quality and security of the software before every deployment to our production environments.

Docker


The OJS3 journal application is hosted in Docker containers built on top of a regularly updated Alpine Linux image. These images are regularly checked by the Alpine Linux project to ensure that any critical bug is fixed promptly.

Google Container Registry Scanning


Every Docker image is scanned automatically by Google before every release to ensure that no critical or major security issues are present in the application (more info here: https://cloud.google.com/container-registry/docs/container-analysis?hl=en_GB).

Kubernetes


We host our Docker containers using Kubernetes on Google Cloud (also known as GKE). We always upgrade our Kubernetes nodes to the latest stable version of the application distributed directly by Google, which also includes regular security fixes.

SSL


The journal application is served only through SSL connections, with no exceptions. Certificates are provided by Let's Encrypt and rotated automatically every 3 months.

ISO27001


ISO27001 is an internationally recognised framework for managing the security and safety of commercial information assets. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Since April 2021, ]u[ Ubiquity has been certified to this standard by a UKAS accredited body, and now maintains an ISMS whose scope covers all internal and held customer information/data, supporting assets, and systems.

Journal application instances, and the software that supports them, are identified information assets which are directly subject to rigorous and routine infosec risk assessment, risk analysis, and risk treatment/control. They also indirectly benefit from holistic stability and security improvements that the ISO27001 framework establishes within the organisation.
