Wednesday, July 17, 2013

An investigation into Trello security

What is Trello?

Trello is a web-based collaboration tool that you can use to organise your projects into boards so that you can both manage and visualise the workflow. The interface is a modern drag-and-drop implementation that is fully customisable, making it highly suitable for Agile software development and for Systems Administration following a Kanban process.

Who owns Trello?

Trello is owned by Fog Creek, a U.S. company founded by Michael Pryor and Joel Spolsky in 2000. Joel Spolsky in particular is a recognised expert in software development and has authored a number of books on the topic. The Fog Creek offices are based in New York.

How secure is Trello?

Regulatory Security

Fog Creek use the Safe Harbor (http://export.gov/safeharbor/) framework as a guideline for good security practice. Safe Harbor was put in place to allow U.S. organisations to comply with the European Commission's directive on data protection, which prohibited the transfer of personal data to non-EU countries. Safe Harbor is a compromise between complex European compliance and the U.S. self-regulatory style. The decision by a U.S. organisation to enter the Safe Harbor program is entirely voluntary. Organisations that decide to participate must comply with the framework and publicly declare that they do so. An organisation participating in Safe Harbor must self-certify annually.

To qualify for the Safe Harbor program an organisation must comply with the following seven Safe Harbor privacy principles:

  • Notice - Individuals must be informed that their data is being collected and about how it will be used.
  • Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
  • Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
  • Security - Reasonable efforts must be made to prevent loss of collected information.
  • Data Integrity - Data must be relevant and reliable for the purpose it was collected for.
  • Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
  • Enforcement - There must be effective means of enforcing these rules.

Further information on the Safe Harbor privacy principles can be explored here.

One of the membership requirements of Safe Harbor is that the organisation's security policy is publicly accessible. The Fog Creek security policy can be found here.

The Trello-specific security policy can be found here.

The evidence that Fog Creek comply with the Safe Harbor framework can be found here.

Physical Security

Fog Creek promote the following security features on their Trello website:

  • All communication between the client and Trello servers is transferred over TLS/SSL.
    • Trello use a wildcard server certificate issued by DigiCert.
  • An administrator of a Trello board has full control of the visibility of data and all defaults are set to favour privacy. The member profile however is public, which includes your full name, username and bio (if set), but not your email unless you set your username to be your email address.
  • Backups are taken hourly and stored at an offsite location.

The data stored on Trello's servers is not encrypted at rest.
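
A vendor's published security claims are only useful if you can verify them. The TLS bullet above makes three checkable statements: traffic is protected by TLS, the certificate is a wildcard, and it was issued by DigiCert. The following script is an added example (not part of the original post and not Fog Creek's code) showing how a reviewer can confirm each of those points from the certificate dictionary that Python's standard `ssl` module returns from `getpeercert()`. The certificate embedded in the script is a constructed sample with a made-up `.test` domain; `fetch_peer_cert()` is the one function that needs network access, and the issuer organisation name `DigiCert Inc` is assumed here as the value to compare against.

```python
"""Verify a vendor's TLS certificate claims (issuer, wildcard, validity, coverage).

Added example. Works on the dictionary shape returned by
ssl.SSLSocket.getpeercert(), so the same checks run against a live host or
against a captured/constructed certificate dictionary like SAMPLE_CERT below.
"""
import socket
import ssl
import time

# Constructed sample in getpeercert() format; NOT a real Trello certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.example-board.test"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "DigiCert Inc"),),      # assumed issuer O= value
        (("commonName", "Example Issuing CA"),),      # constructed
    ),
    "subjectAltName": (("DNS", "*.example-board.test"), ("DNS", "example-board.test")),
    "notBefore": "Jul 17 00:00:00 2013 GMT",
    "notAfter": "Jul 17 23:59:59 2014 GMT",
}

# A fixed "current time" inside the sample's validity window, for offline runs.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jan 15 00:00:00 2014 GMT")


def _flatten(rdn_sequence):
    """Turn getpeercert()'s nested ((('commonName', 'x'),),) tuples into a flat dict."""
    out = {}
    for rdn in rdn_sequence:
        for key, value in rdn:
            out.setdefault(key, value)
    return out


def hostname_matches(pattern, hostname):
    """Return True if a DNS name (or wildcard) from the certificate covers hostname.

    Follows the RFC 6125 rules browsers apply: a wildcard is only honoured as the
    whole left-most label and covers exactly one label, so '*.example.test'
    matches 'api.example.test' but not 'example.test' or 'a.b.example.test'.
    Partial wildcards ('ap*.example.test') and '*.tld' are refused.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if "*" in pattern:
        if p_labels[0] != "*" or len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_cert_claims(cert, hostname, expected_issuer_org, now=None):
    """Evaluate a getpeercert()-style dict against the vendor's stated claims.

    Returns named findings; every value True means the claims hold for hostname.
    """
    now = time.time() if now is None else now
    issuer = _flatten(cert.get("issuer", ()))
    subject = _flatten(cert.get("subject", ()))
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names and "commonName" in subject:
        names = [subject["commonName"]]   # legacy certificates without a SAN
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issuer_matches": issuer.get("organizationName") == expected_issuer_org,
        "is_wildcard": any(n.startswith("*.") for n in names),
        "hostname_covered": any(hostname_matches(n, hostname) for n in names),
        "in_validity_period": not_before <= now <= not_after,
    }


def fetch_peer_cert(hostname, port=443, timeout=5.0):
    """Fetch and validate a live host's leaf certificate (needs network access).

    create_default_context() verifies the chain and hostname itself; the
    checks above then cover the vendor-specific claims on top of that.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name in ("boards.example-board.test", "example-board.test", "a.b.example-board.test"):
        findings = check_cert_claims(SAMPLE_CERT, name, "DigiCert Inc", now=SAMPLE_NOW)
        print(name, findings)
```

The `is_wildcard` finding is worth reporting rather than just passing: one wildcard certificate covers every first-level subdomain, so its private key protects more than one service, and the `hostname_covered` check shows that it still does not cover the bare domain or deeper labels unless those appear as separate SAN entries.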