Frequently Asked Questions

Security

Q. At what physical location is the data stored?

A. All data is stored in the Netherlands by default. We understand the importance of knowing where your data is located. Our dedicated private cloud runs on our own physical servers. This way we can ensure that your data will not be hosted at a foreign site via a virtual server.

Q. At what (physical) locations are the servers located?

A. All servers run at multiple locations in the Netherlands.

Q. What measures are implemented at their data centers to ensure a quality level of service?

A. All the data centers have ISO 9001, ISO 14001 and ISO 27001 certifications.

Q. What server architecture is being used at the data centers?

A. All servers are bare-metal servers hosted by multiple data centers in the Netherlands. All servers are leased.

Q. How is security of data transmission ensured?

A. HTTPS is used for securing all data transmissions.

All data communication between clients/users and data locations is encrypted via an HTTPS connection. Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS, or HTTP over SSL.

Privacy

Q. Are the software and services provided compliant with the EU GDPR?

A. Yes, the software and services are fully compliant with the EU GDPR. The GDPR includes, among other things, the following obligations:

  • Inform your customers (whose data you record) and state how long you store this data.
  • Inform your customers about their rights: the right to audit, adapt and delete data, the right to grant and withdraw access to and use of records, the right to portability of their data and the right to submit complaints to the GDPR Authorities.
  • A Data Protection Impact Assessment is sometimes mandatory (e.g. if you systematically and extensively evaluate personal aspects).
  • You should collect as little privacy-sensitive information as possible and dispose of it as soon as possible on the basis of an internal policy that indicates when data is no longer relevant.
  • If data is processed on a large scale, it may be necessary to appoint a Data Protection Officer.
  • Document all data leaks.
  • Provide a processing agreement (the processing agreement meets the requirements of the GDPR).
  • The GDPR imposes strict requirements on the permission that you have to ask for when processing data. You must be able to prove that you have received permission.
  • Data that is stored in online services must be easily transferable to other systems (portability).
  • Data must be safely ‘discarded’.

It is ensured that functionality is available to meet the requirements of the GDPR regarding points 10, 11, 12 and 13.

The Solution provides all industry ‘standard’ GDPR functionalities:

  • Default emails asking for approval for news bulletins, enquiries, events and newsletters.
  • Opt-out options within all emails (campaigns).
  • As standard, the IIA member will have to approve storage and use of (anonymous) data.
  • In each online process (review, certification, file review) GDPR approval must be given.

Continuity

Q. How is data continuity ensured?

A. Data continuity is ensured via mirroring/real-time synchronisation and backup.

Real Time Synchronisation:

  • Database replication

Hourly Synchronisation:

  • Files are replicated via snapshots on BTRFS volumes

Daily Synchronisation:

  • Rsync backup of the database to the datacenter backup
  • Rsync backup of files to the datacenter backup

Q. How are patches, updates and security (bug) fixes in the software and infrastructure applied?

A. The cloud and portal solutions are centrally managed environments. New releases (patches, bug fixes and updates) will always be deployed after acceptance by the client. We facilitate a development, test and acceptance environment that resembles your production environment. The release notes of each new release are available online, so you can focus your testing on the new features.