Admission control. Digital access to the storage media of personal data must generally be protected against unauthorized access by means of password-protected access and passwords are randomly generated by an encrypted password manager. Access data and passwords in particular must never be stored locally, but only in a SOC2-certified password management tool. Also, sharing of newly created login credentials or shared access is never done unencrypted via standard communication channels, but exclusively by means of the deployed password management software. In this way, user accesses are centrally managed, documented and their validity regularly checked. As a matter of principle, initial passwords must be changed immediately after they are received and stored in a personal password container in the certified password management tool. E-mails are only sent and read via the TLS-encrypted domain belonging to the company. In addition, screen workstations are automatically locked after two minutes and must be unlocked by re-authentication.
Admission control. The following implemented measures prevent unauthorized persons from gaining access to the data processing systems:
● Cleandesk corporate guideline
● Authentication with user and password
● Regulated authorization management and user administration
● Use of firewalls
● Use of antivirus software
● Virtual client separation
● Automatic screen lock with password activation
Admission control. Measures to limit admission of unauthorized persons to systems where personal data is used or processed with electronic data processing devices.
• Safeguarding of physical network infrastructure
• Firewall for internal networks against external vulnerabilities
• Control of use for electronic data processing
• Regulations and instructions of admission control
• Control and identification of authorized persons
• Logging of use for entry rights
• Admission only with User-ID and password only
• Separation of function principle when granting entry authorization
• Identification of terminal or terminal user (e.g.: login with user-ID and password)
• Automatic screensaver protection in case of inactivity
• Lockable terminals and decentralized IT-systems
• Safeguarding of electronic data processing systems correspondent with the requirements
• Functional and/or timely limited use of terminals
Admission control. The feasibility of a request satisfaction should be checked before including the request in the system. Based on the requests already presented in the process’s local queue, the admission control should firstly verify if a process request can be locally satisfied. If such is the case, a global admission policy is performed.
Admission control. (a) Door locking
(i) The entrance doors to Alasco's offices are generally locked.
(b) Controlled key allocation
(i) A central, documented allocation of keys to the employees of Alasco by the office building operator/lessor is in place.
(c) Supervision and accompaniment of external persons
(i) Access by external service providers and other third parties may only take place with the prior authorisation and accompaniment of an Alasco employee.
(d) Closed doors and windows
(i) Employees are organizationally instructed to keep windows and doors closed or locked outside office hours.
(e) Physical and environmental security of server systems in data centres
Alasco only uses server systems from data center operators who have a valid certification according to ISO/IEC 27001 and therefore implement appropriate technical and organisational measures for physical and environmental security, e.g.:
● The computer centre and the systems used there are housed in inconspicuous buildings that are not immediately recognisable as computer centres from the outside.
● Access to the data centre is managed by electronic access controls and secured by alarm systems that trigger an alarm as soon as the door is opened or held open.
● Access authorisation is authorised by an authorised person and withdrawn within 24 hours of an employee or supplier record being deactivated.
● All visitors must identify and register and are always accompanied by authorised personnel.
● Access to sensitive areas is additionally monitored by video surveillance.
● Trained security personnel guard the data center and its immediate surroundings 24 hours a day, 7 days a week.
Admission control. 1. Access to servers only via SSH key file. No other access method.
2. Website server physically separated from product servers
3. Grape testing servers physically separated from Grape production servers and have only dummy data
4. Configuration for production server (secret keys etc.) separated from code, versioned in Git only encrypted. Not available to developers.
Admission control. Bynder shall prevent unauthorized persons from gaining access to Bynder premises.
Admission control. Measures that prevent unauthorized persons from processing or using data protected by data protection laws. Description of the admission control system:
· Access to appointman systems is only possible via individual VPN connections.
· Access to server management is ensured by two-factor authentication.
· Passwords are generated via local password managers with a minimum length of 12 characters and 2 special characters and (depending on the system) are provided with an expiry date for the regular change (6 months).
· Use of firewalls.
Admission control. Measures to prevent unauthorised persons from gaining access to the data processing equipment used to process personal data.
Y Access control guidelines and regulations
Y Security areas are clearly defined
Y Appropriate implementation of measures to secure the buildings
Y Appropriate implementation of measures to secure Datacenter Access
Y Security also outside working hours by alarm system and/or plant security
Y Access only for authorized persons (company employees and external persons)
Y Regulation for external parties
Y Use of security badges
Y Key Management
Y Implementation of locks
Y External staff is accompanied by Prodware staff
Admission control. The following implemented measures prevent unauthorized persons from accessing the data processing systems:
● Authentication with user and password
● Authentication with biometric data
● Use of anti-virus software
● Use of firewalls
● Use of mobile device management
● Use of VPN technology for remote accesses
● Encryption of data media
● Automatic desktop lock
● Encryption of notebooks / tablets
● Management of user permissions
● Creation of user profiles
● Central password rules
● Use of 2-factor authentication
● Logging of visitors (e.g. visitor book)
● General corporate policy on data protection or security
● Corporate policy for secure passwords
● Corporate "Delete/Destroy" policy
● Corporate "Cleandesk" policy
● General instruction to manually lock desktop when leaving workstation