Technical and organisational data protection measures
We offer you a high level of data protection and security in accordance with the German Data Protection Act.
- Entry control
User identification is carried out exclusively via personal credentials, so that actions can always be attributed to a specific person. There are no split permissions.
- All privileged operations are logged
- SSH logins are done via SSH keys
- Successful SSH logins are logged
- Better access control on the network is ensured by establishing different VLANs, which are separated by a firewall gateway. The networks are distinguished according to how much traffic is to be expected in them:
- Frontend network
- Application network
- Storage Network
- Management network
- Access Control
The authorization concept distinguishes between the responsibilities for the maintenance of applications and privileged tasks for updating and configuring the operating system.
Application developers can change to service-user access and database administration access. All permissions are set explicitly and comprehensibly. Access is not granted to a group of people, in order to keep transactions traceable.
- Transfer Control
- All personal data is transferred over an authenticated and encrypted communication channel. This also includes the data for the test systems.
- Availability Control
Personal data is protected against accidental destruction or loss by:
- redundant hardware and virtualization
- the backup services
- the disaster recovery, which describes failure scenarios, precautions and availability measurements in detail
- Separation control
Data for different purposes will be processed separately:
- Virtual machines separate the processing of data and storage networks separate the persistently stored data
- The machines (virtual and physical) are separated into access rings
- Various applications are separated into different virtual machines and/or different service users