Security options in Tickit On Demand

As an ISO 27001 certified organisation, Tickit Systems is acutely aware of the importance of Information Security. For this reason, we are continually developing and releasing new security features for our Tickit On Demand GRC solution. We now have a full range of security options available for our users. In conjunction with the security measures implemented in our secure hosting process, we believe that makes Tickit On Demand well positioned to meet the security requirements for your GRC system.


Secure hosting environment

All Tickit On Demand instances are hosted within a scalable, fault tolerant infrastructure. Additional server resources are deployed as required to ensure high-availability and responsiveness of the application. Our servers require RSA Certificates for Tickit System Administrators to log in to, and are firewalled with IP restrictions. The Tickit Server cluster operates on a private network that is not accessible from the outside Internet. Hosted data is partitioned into per client databases with strict database access policies (a ‘single tenancy’ application). All data is SSL encrypted, and the SSL Certificates are provided by a commercial certificate provider ensuring enhanced security for your sensitive information.


Tickit On Demand standard security features

Every Tickit On Demand instance employs a strict role-based security policy, which enforces user actions based on their credentials. Each user must be individually defined in Tickit On Demand with a userid, password and email address. The user passwords must meet the following criteria;

  • Password length must be between 8 and 16 characters
  • Passwords must be different to the username
  • Passwords must contain both letters and numbers

Each user has individually configured user permissions, controlling access to client data and system functionality as is applicable for their role.

In addition to the standard security features, there are a number of additional security options that can be enabled. These include;

  • Passwords can be set to expire in 30, 45, 60 or 90 days
  • Passwords must contain both Upper and Lowercase letters
  • Passwords must contain at least 1 Special character
  • Password minimum length increased from 8 to 12 characters
  • Prevent repeat of last 5 passwords


Tickit On Demand optional security features

In addition to the standard security features that are included with all instances, there are a number of optional security tools that can be enabled;

  • IP Address Validation – Access to the Tickit On Demand can be limited to connections originating from a nominated list of IP addresses (the whitelist).
  • Two Factor Authentication – This process implements a requirement for two separate forms of identification in order to access the Tickit On Demand instance. After entering the userid and password, a “One Time Password” is emailed to the user, and must be entered within a few minutes.
  • Same Sign On – When a user logs in to Tickit On Demand, instead of validating the username and password within the system, these details will be validated against your Active Directory environment. A userid and password must still be entered for each login attempt.
  • Single Sign On – When enabled, access to the Tickit On Demand system is controlled by your own organisation’s security framework. Once you have logged in to your network, no further entry of userid or password is required to access Tickit On Demand. The initial version of Single Sign On has been designed for use with Microsoft Azure, however if you use a different security environment please let us know and we will investigate your requirements.

If you would like to know more about any of the Security features available in Tickit on Demand, or about Tickit On Demand in general, please contact us at for more information.