SPPAS Security Information

SPPAS is an appraisal system that values the safety and protection of customer data above all else. SPPAS uses the SharePoint Framework (SPFx) development model and full trust client-side solutions that guarantee the integration of SharePoint data without compromising the safety of SharePoint environments.

Customers can rest assured that their data is not collected by SPPAS, and the organization implements several security measures, such as thorough security code reviews and daily automated testing, to ensure product reliability.

We Think Security

At SPPAS, we recognize the importance of keeping your SharePoint environment secure and safeguarding your organization’s sensitive data. Our top priority is to ensure the privacy and security of our customers’ data, which we have taken into account during the design of SPPAS.

This guide serves as your primary resource to learn about the safety and security measures we implement at SPPAS to seamlessly integrate our powerful appraisal system into your environment without accessing any of your data. Our system is specifically designed to prevent access to the information you generate, store, transfer, and use within your environment. Additionally, we’ll provide insights into the crucial practices we employ within our organization to ensure that our daily operations are secure and protected against unauthorized access and other security threats.

SPPAS is Entirely Installed in Your Environment

We acknowledge that prior to installing SPPAS on your Office 365 or SharePoint 2019 environment, you may have several concerns such as:

  • Will the SPPAS SPFx cause any modifications to my site upon installation?
  • On which sites will the application be accessible?
  • How can I effectively manage the SPPAS SPFx app?

Essentially, you may be apprehensive about the immediate effects that SPPAS could have on your SharePoint sites post-installation.

To provide clarity, here’s what you can anticipate after installing SPPAS SPFx into Office 365:

1. The app will appear in the list of installed apps in the Tenant App Catalog.

2. One new item will appear in the Site Contents of the site where you installe:
SPPAS – SharePoint Perfomance Appraisal System:

3. Additional lists will be created to store the appraisal data.

4. New groups and permission levels will be created on the team site that SPPAS was installed. This is to manage the users who visit the site and prevent users from accessing and modifying the lists created previously directly.

Other than these changes, there will be nothing else that appears in your environment after installing SPPAS SPFx.
No existing page lists will be affected.

Security by Design

As SPPAS is primarily used for user appraisals, several of our users have expressed concern about whether the data stored within their SharePoint sites and pages is shared with SPPAS. The brief answer is that it is not shared with us. However, it’s important to delve into the specifics of how SPPAS is installed within an Office 365 environment to gain a better understanding.

SPPAS is entirely installed in your environment.

SPPAS utilizes the SharePoint Framework (SPFx) development model, which allows for seamless client-side SharePoint development and integration with SharePoint data. This framework is also known as a full trust client-side solution, meaning that it incorporates full trust client-side code and can operate in full trust.

At SPPAS, we prioritize adhering to Microsoft Office 365, SharePoint, and SAP Cloud Security principles and guidelines while creating our solution. All scripts are executed exclusively within your SharePoint environment’s confines, and we do not grant access to your content in any way. We also employ additional security measures to ensure the constant safety and protection of all your data and information.

Your Data Untouched

Can SPPAS acquire any data from my environment, and if so, what kind of data is collected? Also, is there a possibility that SPPAS may store the data that is collected?

SPPAS collects only:

  1. The necessary information to activate & check SPPAS License. The following information is collected:
    • Tenant URL
    • User email address

Security Compliance

At SPPAS, we prioritize the security of our organization and the products we offer. We continuously oversee over 100 security controls across our company, and our security policies and procedures undergo regular reviews, approvals by management, and dissemination to all employees. Additionally, our security committee thoroughly evaluates the development of all product functionalities, and we mandate security code reviews for all changes.


We have implemented several methods in our daily product development and maintenance processes to ensure the reliability of SPPAS. These include:

Night Watch Testing: We conduct automated end-to-end testing on a daily basis to detect any changes that may impact the performance of the SPPAS product. This allows us to quickly identify any required updates or fixes and implement them promptly.

Risk-Free Upgrades: Our product features provide you with control over when and how your sites are upgraded. We guarantee that SPPAS upgrades are smooth and efficient, with no downtime, allowing you to upgrade with confidence.