Providing information security for the world's biggest projects

Aconex offers an extremely scalable, highly reliable platform for managing information and processes for construction and engineering projects. We've invested over a decade in an enterprise-class cloud infrastructure offering multiple levels of security for cloud-based, project-wide collaboration. We continue to evolve our model to address a constantly changing threat landscape and to ensure your data is always protected. We know our business depends on earning your trust every day, and we take our responsibilities very seriously.

Confidentiality, integrity and availability

Certified to a global standard

The highest international standard for security management practices, ISO 27001 details requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information management system. We’ve been certified since 2011.

Controlled access

We offer sophisticated security options which span three levels of control—organization, project and user. Configurable options protect user logins, including password and access rules and a sophisticated role-based user security management system.

Authentication

2-Step Verification is optional at the project level. Aconex also supports SAML (the Secure Assertion Markup Language) which facilitates integration with Single Sign On providers.

Encryption

Aconex uses signed 2048-bit SSL keys for all HTTPS traffic to ensure all information is encrypted across the public internet while in transit. Client data can be protected by an encryption-at-rest solution in both primary and disaster-recovery sites.

Physical security

Our instances are co-located in geographically redundant data centers that are selected based on strict criteria, to address performance, security, data sovereignty and redundancy requirements. All data centers comply with the Uptime Institute's TIA 942 III or better.

Committed to your data security

Third-party validation

We undergo annual external audits and recertification audits every three years to ensure compliance with ISO 27001.

Independent verification

An independent third party undertakes penetration tests against our network, web application and mobile apps every quarter to verify our internal policies and regulatory compliance.

Testing for vulnerabilities

Aconex undergoes annual web and mobile vulnerability testing and social engineering testing. In these tests, we have been rated as "highly secure."

Data centers

Each data center undergoes annual audits to ensure they continue to meet our service-level requirements.