Technical and Organizational Measures

The contractor takes the following technical and organizational measures to ensure data security within the meaning of Art. 32 GDPR.

1. Pseudonymization and Encryption

  • HTTPS encryption in web communication
  • Pseudonymization before permitted statistical evaluation

2. Ability to ensure the ongoing confidentiality, integrity, availability and resilience of the systems and services related to the processing

  • Access to systems only with individual usernames and passwords
  • Authorized persons can only access data authorized for them
  • Stored personal data can only be read, copied, changed or removed within the framework of the concept
  • Current antivirus software
  • Protection of email traffic
  • Firewall
  • Separation of the productive, test and development environment
  • Resilience through scalability
  • Obligation of employees to data secrecy
  • Training of employees
  • Password Assignment Policy
  • Password Policy
  • Authorization control
  • Access logs
  • No access for unauthorized persons
  • Access controlled by employees during business hours
  • Each office with PC system can be locked individually
  • Secure disk erasure
  • Ban on the use of private data carriers
  • Central rights and assignment management for jobs
  • Regulations for working from home
  • Fire extinguishers and smoke detectors
  • Data Center:

3. Ability to quickly restore the availability of and access to personal data in the event of a physical or technical incident

  • Data backup and mirroring
  • Backups
  • Special physical protection of the data in the data center

4. Procedures for regularly checking, assessing and evaluating the effectiveness of the technical and organizational measures of processing

  • Regular review of the necessity of access rights
  • Key and access rights assignment control
  • Test reports

Published under:
Technical and organizational measures of the contractor