DATA SECURITY

With today’s IT systems, it is possible to collect an unimaginably large amount of information and data very quickly. Unfortunately, external attacks, data theft and human error can lead to loss of confidential data. At WBS we are focused on data security in all that we do. We not only do what is necessary from a legal and regulatory perspective, but go beyond it by further securing our operational setup. We make sure that our customers’ data is safe at all times, both in transit and at rest.

General overview

The following provides an overview of the most important points to highlight with regard to data protection with WBS.

  • WBS is committed to encrypting all communications between the servers and the WBS platform of the customer
  • WBS undertakes to provide access permissions/authorization processes specifying which users have access to personal data
  • WBS will terminate login capabilities after a certain number of failed login attempts
  • Data that is processed and used by WBS will be used exclusively for the operation of WBS
  • In the event of contract termination by the customer, WBS is obligated to terminate the customer instance within 60 days after the last accounting period, with all Concern Data being deleted

In more detail

Where possible we locate our servers in the country of service and with the following attributes:

PHYSICAL SECURITY

Data centers

The data centers we access are state of the art, utilizing innovative architectural and engineering approaches. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. All physical access to data centers by employees is logged and audited routinely.

Fire Detection and Suppression

Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.

Power

The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide back-up power for the entire facility.

Climate and Temperature

Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels. Management T-System monitors electrical, mechanical, and life support systems and equipment so that any issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.

TECHNICAL SECURITY

Security and network services

A virtual firewall is provided that can be configured by adding new services to the routing table. The firewall separates services with an Internet connection from all other internal services and can provide load balancing, firewall NAT, and other features.

Transmission Protection

WBS connects to an access point via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery.

Network Monitoring and Protection

WBS utilizes a wide variety of automated monitoring systems to provide a high level of service performance and availability. Monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts.

Firewall

This system is placed upstream of the physical firewall and acts as a reverse proxy.

Data Transfer

All data transferred to and from WBS’s users and our servers are encrypted with a 256-bit SSL certificate. All data transfers to and from WBS’s mobile and browser apps are encrypted with this 256-bit certificate. All internal data transfers between WBS’s servers are protected by vShield Edge – which creates a secure and logically isolated portion on the T-Systems infrastructure.

Database Security

WBS’s databases are all stored on an industry standard encrypted file system using AES-XTS-PLAIN64 with a 512-bit key. All databases are backed up fully once every day. The backups are kept for 60 days.

Files

All files uploaded by the user will be scanned for viruses before being accepted into the file archive.

Files that have been rejected by the virus scanner will not be backed up since they never touch the hard disks.

Access Control

All passwords of our users are hashed with unique salts. More specifically, the passwords are hashed using SHA512 with the use of an industry standard stretching technique. As such, if the database were compromised, an intruder would not be able to read the passwords.

Passwords have a minimum of 8 digits or characters. A password has to contain three of the following: uppercase, lowercase, numbers, special characters.

Failed login attempts are registered, and logins are blocked for 24 hours after 5 failed attempts.
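
The access-control rules described above (salted and stretched SHA512 hashing, the three-of-four character class rule, and the 24-hour block after 5 failures) can be sketched as follows. This is an added example, not WBS's own code; PBKDF2 as the stretching technique, the iteration count, the salt length, the definition of "special characters" and all names are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import os
import string

# Assumptions (not stated on the page): PBKDF2, iteration count, 16-byte salt.
ITERATIONS = 210_000
MIN_LENGTH = 8
MAX_FAILURES = 5
LOCKOUT_SECONDS = 24 * 60 * 60

def meets_policy(password):
    """At least 8 characters and three of the four character classes."""
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        # Assumption: "special characters" means ASCII punctuation.
        any(c in string.punctuation for c in password),
    ]
    return len(password) >= MIN_LENGTH and sum(classes) >= 3

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)  # constant-time comparison

class LoginGuard:
    """Registers failed attempts per account and blocks after 5 of them."""
    def __init__(self):
        self.failures = {}  # username -> (count, time of last failure)

    def attempt(self, user, password, salt, expected, now):
        count, last = self.failures.get(user, (0, 0.0))
        if count >= MAX_FAILURES:
            if now - last < LOCKOUT_SECONDS:
                return "locked"  # rejected even if the password is correct
            count = 0            # the 24-hour block has expired
        if verify_password(password, salt, expected):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = (count + 1, now)
        return "failed"
```

Attempts made while the account is blocked are refused before the password is checked, so they neither extend the block nor reveal whether the guess was right.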

ORGANISATIONAL SECURITY

Authorizations

All employees in WBS who have access to personal data are authorized by WBS. Such authorizations indicate what access the individual employee has been given and for what purposes. WBS employees are only authorized to access the Concern Data for operational or technical purposes. WBS’s employees do not have access to personal data that is not covered by their authorization. The number of employees at WBS with this authorization is kept to a minimum. WBS verifies and updates authorizations continuously. Such authorizations will be adjusted or cancelled when an employee changes position or responsibility, or resigns. WBS’s platform is set up so that the customer can authorize its employees based on roles with different permissions and rights. Other users of the solution must also be subject to authorizations that provide appropriate access. All new and revoked authorizations are logged.

Confidentiality

All WBS employees who may have access to personal data are subject to confidentiality under their employment agreements. Confidentiality is also maintained by WBS after the termination of WBS’s agreement with the customer. WBS employees are covered by confidentiality obligations even after their termination.

If you have any questions regarding our security feel free to contact [email protected]