Logical Access Control. The goal of logical access control is to prevent unauthorized persons from using data processing systems that process and use personal data. Data terminals (PC, servers, network components) are accessed by means of authorization and authentication in all systems. Access control regulations include the following measures:
• Passwords (lower and upper case letters, special characters, numbers, minimum 8 characters, changed regularly, password history)
• Company ID with PKI encryption (two-stage security)
• Role-based rights are tied to access ID (classified according to administrator, user, etc.)
• Screen lock with password activation in user’s absence
• Encryption of data storage devices while in transit (including notebook hard drives)
• Use of firewalls and antivirus software including regular security updates and patches.
Logical Access Control. Logical access control procedures are in place, designed to prevent or mitigate the threat of unauthorized application access and data loss in corporate and production environments. Employees are granted minimum (or “least privilege”) access to specified Genesys systems, applications, networks, and devices as needed. Further, user privileges are segregated based on functional role and environment. Administrative controls set or restrict agent/user access to certain actions, setup areas, departments and folders. The Genesys operational system is only accessible with an authorized username (or email) and password combination. Usernames (and emails) must be unique throughout the entire Genesys system, and minimum password length and complexity requirements are enforced. Enhanced password controls, including initial login reset, rotation, aging, non-reuse and incorrect password lockout, are available to administrators in the user configuration settings. Single Sign On (SSO) integration is available to Enterprise subscribers using XXXX 2.0-compliant user management systems. User logins to Genesys are logged and reported within the application. Access to these reports can be restricted using permission settings.
Logical Access Control. Logical access controls provide a technical means to control user access to information and system resources. They control what information users can access, the programs they can run, and the modifications they can make. Entity must comply with the following logical access controls:
Logical Access Control. No unauthorized access to data processing systems is granted. Access to our electronic data processing systems through external interfaces is firewall protected. Sensitive services, which must not be accessible publicly, are protected through a VPN. Publicly accessible systems, such as email and internet access, are isolated from other services through appropriate segmentation. Depending on the security classification, HWD operates various networks, some of which are physically separated. All systems are password-protected and only allow user-specific access. Group access is not implemented. In addition to strong password requirements on the basis of internal password guidelines, a 2-factor-authentication system is used for authentication on sensitive systems of HWD. HWD’s password policy, besides defining password complexity requirements, also includes additional framework parameters, such as mandatory password resetting within defined terms, as well as prohibiting reuse of the same password. Access privileges to customer equipment are handled in detail according to specific customer instruction and based on the services provided by HWD. According to HWD internal policies, depending on system type and classification, failed login attempts are responded to in different appropriate manners. In addition to temporary access blocking, dynamic addition of network blocking, or permanent access removal, logging and alerting also take place.
Logical Access Control. Unauthorised persons shall be denied access to data processing equipment with which personal data are processed or used. Access to Personal Data in Visitor Areas: It is ensured that personal data in the company is not freely accessible in visitor areas. Password Manager: A password manager is used in the company. The following password manager is used: Password Manager - Access Control: The used password manager offers sufficient access control and encrypted storage. (Userlane GmbH; date of last modification: 19th May 2021.)
Logical Access Control. Authorised user names and individual passwords for accessing data processing systems.
Logical Access Control. Measures appropriate for preventing unauthorized persons from using data processing systems.
• Functional and/or time-limited assignment of user authorizations
• Creation of user profiles
• Password policy including regulations regarding password length, assignment and changes
• Assignment of user profiles to IT systems
• Authentication with user name / password
• Use of VPN technology
• Use of intrusion detection systems and intrusion prevention systems
• Use of central smartphone administration software (e.g. for external deletion of data)
• Use of antivirus software
• Use of a software firewall
• Use of a hardware firewall
• Laptop hard disc encryption
• Use of e-mail spam filters
• Additional login system for different applications
Logical Access Control. Measures suitable for preventing data processing systems from being used by unauthorized persons. After the creation of participant data by the service recipient in the user interface of Teamlove, personal data is only permanently stored on the web server. This data remains on the web server until it is deleted and is automatically evaluated on the web server. No other data carriers in the actual sense are used. This process architecture limits the possibilities for data access and makes them easier to control. The server protection is decisive for ensuring admission control. This is done via a secure shell in combination with public key authentication. Unrestricted access to the server database is possible only after logging on to the server. The database access is protected in the second step by a username/password combination. Protection of other non-public services is done by means of authentication by username and password. Within the framework of data protection and IT security of the service provider, a password policy exists for the secure use of passwords according to the state of the art. Passwords are managed in an encrypted password file (256-bit AES in combination with a passphrase). Firewall-, intrusion- and prevention systems and anti-malware or anti-virus software are used to further secure the web server. Documentation is provided via an internal wiki and ticket system.
Logical Access Control. No unauthorized system usage is provided. SSH keys are required when identifying trusted computers along with usernames and passwords. Two-step authentication is enabled on every cloud platform that is providing it (platforms such as AWS). Individual authentication credentials are not shared. SSH keys are frequently rotated. All end-points (computers, laptops, mobile phones) are using encrypted storage, secure passwords, and auto-locking mechanisms.
Logical Access Control. The Contractor takes in particular the following measures to prevent data processing systems from being used without authorization: For User identification and authentication: User ID, password procedures incl. password complexity requirements, reset of generated initial password on first use, periodic change of password, password history controls and automatic blocking (e.g. password request or timeout). A Quentry User session expires automatically after a period of inactivity. The Quentry system is hosted on Amazon Web Services (AWS). The Contractor uses the AWS Identity and Access Management to ensure that only specifically appointed and authorized employees of the Contractor have access to the Quentry system for support and maintenance. All Users with elevated access rights will be required to use AWS Multi-Factor Authentication. On network level the AWS Security Groups (firewall) are configured to restrict administrative access to the Quentry system only to inbound connections from the secured network of the Contractor. AWS is utilized for User authentication (storage of User name and password). The network connection from the Quentry system to the AWS system is encrypted via SSL. The passwords are stored encrypted.