Technical and organizational measures (according to GDPR)

Version 2.0 of January 26th, 2022

Confidentiality (Art. 32, para 1(b) GDPR)

Access control

Rooms and buildings

Unauthorized persons must be prevented from entering data processing facilities in which personal data is processed, used or stored.

Security areas

All Riege Software employees can access the office buildings (Security Area I). The business premises are secured at all times by a locked security door that can be opened with a security key or, during the daytime, with a transponder. All guests are registered and receive a visitor badge. Entry is monitored by company employees. In addition, the rooms are secured by an alarm system outside normal business hours.

Personal data is stored in data centers (Security Area II).

  • Internal data centers (on the company’s premises): 
    • Access to Security Area I is controlled using a transponder for the alarm system and a security key for the locking system
    • Access to Security Area II (separate door) is granted to authorized personnel using transponders
    • The alarm system is connected to an external security service
  • External data centers: 
    • Alarm system, installed by the data center operator
    • Implementation of safety doors
    • Entry is only granted to authorized personnel, who are required to present their ID cards / passports at reception
    • Entry is logged in a key book
    • The racks are secured using separate locks

Specification of individuals to be granted entry access

The management determines which personnel are to be granted entry access.

Visitors and external staff

Visitors may only access Security Area I and are always accompanied by a Riege Software staff member. External staff, in particular telecommunication service providers,

  • are always accompanied and monitored by authorized staff members inside the internal data centers (Security Area II)
  • are registered at the external data centers by authorized staff members for temporary access, following a corresponding check; the entry specifications described above apply

All cleaning, maintenance and security staff can access Security Area I; they are selected carefully and are required to commit to data secrecy in accordance with the GDPR and to the protection of business secrets.

Non-authorized persons are denied access to the security areas.

Access control

IT systems, applications

Unauthorized persons must be prevented from using data processing systems.

Authentication

System access is provided through an authentication process based on individual user accounts. The respective passwords are known only to the users to whom they are assigned. Trivial passwords are ruled out by technical means, with a minimum length of 14 characters. After a period of inactivity, console sessions on server systems are automatically logged off, and on PCs password-protected screen savers are activated.

At operating system level (e.g. SSH), authentication via an asymmetric cryptosystem (key pair) is possible instead of a password.

Logs

All successful and unsuccessful authentication attempts on the systems are recorded in log files. User accounts are locked automatically after five successive failed login attempts to our Windows domain and must be unlocked manually by IT staff.

Encryption

Mobile data media are encrypted insofar as personal data, or data that can be linked to specific persons, is stored on them. This also applies to the hard drives of all mobile devices. State-of-the-art encryption procedures are used.

State-of-the-art VPN technology is deployed for unsecured networks, in particular the Internet, in order to provide employees and customers with access to data in line with the authorization scheme.

Authentication data are encrypted using state-of-the-art encryption protocols and algorithms whilst in transit.

User master records

Each individual user has their own master record.

In application software (such as Procars, Scope and web services), authorized users are either

  • appointed by the Controller; one master record is maintained per user, or
  • managed directly by the Controller. The Controller must take measures to prevent unauthorized persons from accessing its data processing systems (primarily through the use of long passwords).

Smartphones

A separate network is provided for devices with mobile Internet access, such as smartphones. Regulations are in place to prohibit any other usage, particularly in internal networks.

Access control

Data access

Steps must be taken to ensure that persons authorized to use the data processing system may only access data to which they have specifically been granted access and that personal data cannot be read, copied, modified or removed without authorization during the processing, usage or storage of such data.

Authorization scheme

The access rights at Riege Software are specified by the management and set down and controlled in an accordingly documented process.

Group rules govern access for authorized staff members; the rights correspond to the respective work areas and are restricted accordingly. Administrators have unlimited access to all data. Support and software development staff can access customer data through the applications; outside the applications (for example, directly in databases), only read rights are granted wherever possible.

Data manipulation

Customer data is only accessed or manipulated upon the explicit request of the Controller, or where this is required during error analysis. This is documented in a support ticket system (electronic records).

Serious modifications to database systems (e.g. statements that modify a number of different data records) are prepared, tested and executed according to the four-eye / multi-eye principle.

Customer systems

In the case of application software, such as Procars, Scope or web services, the Controller defines the rights of its users using group rules, modules or the respective branch.

Logs

At operating system level, logins and logouts are stored primarily in the log files, while the commands entered by individual users are stored in the shell history. Scope logs the creation, last modification and deletion of data in log files. Any manipulations carried out on database systems are recorded in tickets and in a log book (documentation).

All logs are stored for at least 6 months; the history contains the last 1,000 commands entered.

Data destruction

Discarded files and old data media are stored securely and destroyed in a correct and appropriate fashion.

Security management

Software is updated at regular intervals according to the system of releases deployed by the manufacturer. Security-relevant updates are regularly evaluated and, where deemed urgent, installed within seven days.

Segregation control

Purpose-oriented

Steps must be taken to ensure that data collected for different purposes is processed separately.

Functional segregation

The systems are segregated and accommodated in different environments depending on whether they constitute a production, test or development system. Software updates for the production environment are released via a differentiated procedure.

Segregation of customer systems

Data belonging to different Principals is logically segregated. This segregation is achieved using access control mechanisms or logical sub-networks (VLANs).

A Principal is only able to view its own data and is unable to access data belonging to third parties.

Integrity (Art. 32, para 1(b) GDPR)

Transmission control

Steps must be taken to ensure that no personal data can be read, copied, modified or removed without authorization during electronic transmission or transport, or while such data is being saved to data media, and that it is possible to check and establish which bodies are scheduled to receive such personal data via data transmission facilities.

Security during transport / encryption

Unless otherwise agreed in individual cases, data is transferred through dedicated connections, encrypted VPN connections (Virtual Private Network), or encrypted and sent over the Internet. All encryption procedures used correspond to the current state of the art.

Logs

All data transfers are electronically logged.

Storage

The systems governing access control (entry access, physical access to the systems, and access to specific data), together with the associated protective measures, prevent the unauthorized reading, copying and modification of data.

Input control

(In data processing systems)

Steps must be taken to ensure that it is possible to check and determine retrospectively whether personal data has been entered into, modified in or removed from data processing systems, and by whom.

Traceability

The system prevents data from being entered manually and anonymously during processing. User logins are recorded in the respective log files. The applications themselves store all manipulations internally, together with the name of the user and a corresponding time stamp.

Availability and resilience (Art. 32, para 1(b) GDPR)

Availability control

(Data)

Steps must be taken to ensure that personal data are protected against accidental loss and destruction.

System-related measures

All data sent to Riege Software for processing is stored on redundant hard drive systems equipped with RAID controllers. The systems are also connected redundantly to several different power supplies (e.g. UPSs).

Monitoring

The status of all systems and services is monitored and regularly checked. An alarm is also issued outside normal business hours.

Infrastructure services

Central infrastructure services (such as databases, firewall systems and network components) are designed to be redundant.

Firewall / anti-virus protection

Riege Software deploys a "Unified Threat Management" system (packet filter, intrusion prevention system, web proxy) which protects against malware both at the firewall level and on the individual PCs.

PCs, internal email systems and proxy servers used by staff members are equipped with anti-virus scanners.

Fire protection / temperature monitoring / electrical circuit protection

In Meerbusch, the server room is air-conditioned and equipped with a fire alarm system and fire extinguishers. The data center in Frankfurt is equipped with early fire detection and sprinkler systems. The temperatures in all the data centers are constantly monitored.

In addition, the data centers have separate power circuits which are amply dimensioned.

Data storage

All data collected in the EU is stored solely within the EU.

Restore in a timely manner (Art. 32, para. 1(c) GDPR)

The availability of and access to personal data must be rapidly restored in the event of a physical or technical incident.

A daily backup is performed and synchronized between the EU data centers. A copy is also written to tape and securely stored externally. The statutory retention periods are adhered to.

An established incident management process ensures rapid detection and communication in case of system failure. Roles between teams are defined to efficiently handle the incident. Data can be recovered quickly from the backup system of the local data center if needed.

Process for regular testing, assessment and evaluation (Art. 32, para. 1(d) GDPR; Art. 25, para. 1 GDPR)

Data protection management

A procedure for regularly reviewing, testing and evaluating the effectiveness of the technical and organizational measures to ensure the safety of the processing is to be implemented in the company.

Compliance with the technical and organizational measures pursuant to Art. 32 GDPR by Riege Software is ensured by the following measures:

  • Riege Software has appointed an external data protection officer (for details, see "Agreement pertaining to commissioned data processing"), who audits compliance with statutory data protection regulations at regular intervals.
  • The internal data protection team has developed a data protection management system which is coordinated with the data protection officer.
  • The employees are bound to data secrecy in accordance with the GDPR and receive annual training on data protection.
  • A privacy policy exists with which all employees are familiar.

Incident response management

In the event of a personal data breach, the Responsible Party shall notify the appropriate authority referred to in Article 55 GDPR without delay and within 72 hours after becoming aware of the breach.

Riege Software has a detailed incident management process for data protection incidents that defines the necessary procedures. In detail, this includes:

  • The identification and reporting of the incident.
  • The analysis, categorization or prioritization, and risk assessment of the incident.
  • The notification of the management, the data protection officer and the supervisory authorities.
  • Informing the data subjects concerned.

Riege Software shall inform the Controller immediately of any operational failures.

Default settings that are conducive to data protection (Art. 25, para. 2 GDPR)

The Responsible Party shall take appropriate technical and organizational measures to ensure that, by default, only personal data whose processing is required for the particular specific purpose is processed.

The technical settings for the processing of personal data within the systems of Riege Software have been chosen so that such data is collected and processed only to the extent necessary and for the specified purpose. Processing beyond this scope is not intended and will not be carried out without the consent of the person concerned.

Job control

Measures designed to guarantee that personal data destined for commissioned processing can only be processed in accordance with the Controller's instructions.

Issuing instructions and job processing

There are defined processes in place for job control at the Processor. All relevant changes to database systems are prepared, tested and executed by different roles according to the four-eye or multi-eye principle.

All the jobs and respective logging are conducted using Riege Software's support ticket system. All jobs are commissioned by the Controller in writing (e.g. via email). Oral instructions issued by the Controller must be confirmed immediately in writing.