This Security Advisory Summary outlines the key security behaviours, expectations, and responsibilities associated with the use of the Asset Controller Software and the customer-specific Azure SQL contained database.
1. Locally Installed Software
Asset Controller is installed on the Customer’s Windows machines. The security of the Windows environment is therefore critical.
The Customer is responsible for:
- Using strong Windows login passwords
- Preventing unauthorised access to devices
- Maintaining antivirus/anti-malware protection
- Keeping Windows updates current
A compromised Windows device may expose configuration data or credentials.
2. SQL Authentication and Local Credential Handling
The Software connects to a dedicated Azure SQL contained database using SQL Authentication.
Key points:
- The SQL username and password are stored locally on the Customer’s device in an obfuscated format.
- The Software reconstructs these credentials solely for the purpose of establishing a database connection.
- PCP Software Solutions Ltd does not store, access, transmit, or manage these credentials in any form.
Because credential handling occurs on the Customer’s machine, local device security is solely the Customer’s responsibility.
3. Firewall Configuration (Customer-Controlled)
Firewall rules for the contained SQL database are configured inside the Software using the built-in Firewall Configuration Tools.
- PCP does not set, enforce, validate, or monitor firewall rules.
- The Customer selects the IP addresses or IP ranges permitted to connect.
- Leaving permissive or open firewall rules may expose the database to the public internet.
The Customer is fully responsible for all firewall configuration decisions.
4. Data Protection & Backups
PCP performs disaster-recovery backups, which are retained for approximately 5 days.
These backups:
- are intended for catastrophic recovery only;
- do not guarantee recovery of deleted or overwritten record-level data;
- do not replace the Customer’s need for routine data exports.
The Customer should maintain their own periodic exports of critical data.
5. Updates & Security
PCP issues security and feature updates periodically.
Customers are strongly advised not to disable updates.
- Disabling updates increases security risk.
- PCP may refuse support if outdated versions are used.
- PCP may suspend service if a security risk exists due to outdated Software.
6. Shared Security Responsibilities
PCP is responsible for:
- Secure hosting within Microsoft Azure
- Encryption of data in transit
- Azure Defender monitoring
- Maintaining the availability of Firewall Configuration Tools
- Disaster-recovery backups
The Customer is responsible for:
- Local Windows device security
- Selecting and maintaining firewall rules
- Handling of SQL credentials stored on their devices
- Correct configuration of allowed IP ranges
- Exporting and safeguarding their own data
- Installing updates promptly
7. Risk Considerations
The following risks may occur if not properly managed by the Customer:
- Unrestricted firewall access may allow unauthorised connections
- Insecure Windows devices may expose SQL credentials
- Outdated Software may contain unpatched vulnerabilities
- Incorrect IP configuration may allow unintended access
- Customer-deleted or overwritten data may not be recoverable
These risks fall under Customer control, and PCP cannot be liable for security incidents arising from these factors.
⭐ Summary
Asset Controller provides enterprise-grade cloud hosting and security controls, but the Customer’s local environment and firewall configuration play a critical role in overall system security.
By correctly configuring firewall rules, maintaining secure Windows devices, and keeping the Software updated, the Customer ensures safe, reliable, and compliant use of the system.