Security

In order to provide a secure ICT service we follow our following principles:

Identity Management
Identity Management means all procedures and regulations, systems and services that are used to create and manage the digital identities including rights and other attributes for users. The following measures are applied:

  • Roles and Responsibilities
    For each task and related activity, responsibilities are clearly assigned to individuals.
  • Monitoring of User Activities
    Logs and repositories are used to monitor and detect unauthorized access and activities.
  • User Guidance
    A user manual is developed and communicated to all SIS engineers.
  • Credential Management
    Each user gets a credential and the possibility to renew it. Credentials may be disabled or revoked in certain cases.

Remote User Access
Remote User Access means all client components that are used to securely communicate via the WAN. The following measures are applied:

  • User Guidance
    Once the SIS engineer connected to the customer via the Internet, all data traffic is encrypted between the workplace computer and the gateway. This encryption is achieved by using the IPSec protocol or SSL-tunnelling (SSL-VPN).
  • Personal Firewall
    A personal firewalls on SIS workplace computers is installed, configured and switched on.
  • Authentication via (one time) Password
    SIS engineers use a personal password as a credential to verify their identity and to get connected to the customer.