Electronic Access Control. No unauthorized use of the Data Processing and Data Storage Systems, e.g.: (secure) passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media; The measures of electronic access controls are:
• Use of unique IDs for all employees
• Password policy defining password complexity requirements
• Use of password manager
• Enforcement of secure passwords
• Multi-factor authentication in identity providers
• Automatic blocking (e.g. wrong password, timeout)
• Secure deposition of master and administrative passwords of all relevant IT systems
• User rights are assigned to unique IDs
• Usage of Mobile Device Management
• Full-disk encryption of mobile devices and monitored via MDM
• Usage of cryptographic methods that are state of the art, e.g., TLSv1.2+
• Data center operations outsourced
• Regulation of data organization inclusive logging, reporting of data usage
• Usage of data protection bin
Electronic Access Control. (FOB) System: Each employee shall be required to swipe their "fob" against the electronic access card reader located at main entry point to the school building upon entering and exiting the school building at all times. The reader records their time in the system. In order to prevent unauthorized individuals from access in the buildings, an employee will immediately report any lost or stolen fob to their supervisor. A fob assigned to an individual shall be used solely by the individual it is assigned to. At the time of separation from service, the fob will be returned to the district.
Electronic Access Control. No unauthorised use of the Data Processing and Data Storage Systems, ensured by passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data storage media.
Electronic Access Control. No unauthorized use of the Data Processing and Data Storage Systems, e.g.: (secure) passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media; The measures of electronic access controls are:
• Encryption of data and data media e.g., different TLS Versions and algorithms (e.g., AES, 3DES)
• Encryption of clients especially laptops.
• Servers are hosted in secured data centers
• Password policy including minimum length, special characters, change routine of password
• Re-login with username and password after time of user-inactivity (e.g. 5 minutes)
• No written user-password
• Secure deposition of master and administrative passwords of all relevant IT-Systems
• Creation of one master record per user via Azure AD
• Automatic blocking (e.g. wrong password, timeout)
• Usage of username and passwords for all users
• User rights are assigned
• Role-based concept of user-structure and user-rights
• Multifactor authentication
• Regulation of data organization inclusive logging, reporting of data usage
Electronic Access Control. No unauthorised use of the Data Processing and Data Storage Systems
☒ Assignment of user rights
☒ Creation of user profiles
☒ Password allocation
☐ Authentication by means of biometric procedure
☒ Authentication by means of user name / Password
☒ Assignment of user profiles to IT systems
☐ Locking for housings
☒ Deployment of VPN technology
☒ Safety locks
☐ Blocking of external ports (USB etc.) If yes, which ports
☒ Key provision (issue of keys etc.)
☐ Identity check with gatekeeper / reception
☒ Diligent selection of cleaning staff
☐ Visitors’ log
☒ Encryption of data carriers in laptops / notebooks
☒ Encryption of mobile data carriers
☐ Diligent selection of security staff
☐ Duty to wear authorisation passes
☒ Use of intrusion/detection Systems
☐ Use of central Smartphone Administration Software (f. ex. for the deletion of data)
☒ Use of Anti Virus Software
☐ Encryption of Smartphone Contents
☒ Use of a Hardware Firewall
☐ Use of a Software Firewall
☒ Not relevant, since data processing takes place exclusively on the client's systems
Electronic Access Control. Those authorized to use a data processing system have exclusive access to those personal data which are covered by their authorization. Detailed Description Xxxxxxxx: Availability and Resilience Recoverability It is ensured that systems can be restored in case of a malfunction.
Electronic Access Control. Potential use of data processing systems by unauthorized persons is to be prevented. Each Party has implemented the following access control measures for systems and networks, in which personal data are processed or through which access to personal data is possible:
1. Effective access authorization controls through personalized and unambiguous user identification and a secure authentication process.
2. Documented and comprehensible processes for obtaining, changing, and rescinding access authorizations.
3. Restricting access authorizations to contract data to the necessary minimum.
4. Xxxxxxx and documented review whether the granted access authorizations are up-to-date.
5. Reasonable measures for the protection of end-devices, servers, and other infrastructure elements against unauthorized access (e.g. secure passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media, virus protection, firewall, intrusion detection systems).
Electronic Access Control. 2.1 All accounts are password-protected. Users are provided visual feedback about the complexity of their password, which encourages them to select a stronger password when applicable. Passwords are stored fully encrypted on the KoboToolbox Server, utilizing the default open-source framework provided by Django, which uses the PBKDF2 algorithm with a SHA256 hash.
2.2 All database content is encrypted at rest (database-level encryption).
2.3 Users can choose to enable encryption of their project data (data-level encryption) which renders it inaccessible at all stages of data processing and requires a private key to decrypt it locally.
2.4 Users found to abuse the use of their API keys by overburdening the KoboToolbox Server may be suspended or their account may be restricted.