SABIO regards the protection of customer data through the use of state-of-the-art technology and the application of established, proven industry standards as a top priority. Numerous well-known customers of ours from sectors such as telecommunications, finance and insurance, utilities, health care and many more have already satisfied themselves of the data security of our service and entrust their data to SABIO in our hosting. This security statement is meant to create transparency regarding our technical and organizational security measures, so that you can assure yourself that data security is taken seriously at SABIO and that your data is protected accordingly.
SABIO hosts its applications on dedicated servers located in certified data centers in Germany. These data centers inherently provide the following security measures for data protection and processing:
SABIO solely cooperates with data centers that fulfil the ISO 27001 standard.
Data centers are manned and monitored around the clock, seven days a week. Comprehensive security measures (among others: alarm systems, video surveillance, chip card access, an admission concept for the server room and many more) prevent unauthorized access to data processing equipment.
Controlled operation of the infrastructure by means of air-conditioning and humidity control. Security measures such as uninterruptible power supply, smoke and fire alarm systems, video surveillance and corresponding response facilities are installed. Procedures for external interference are governed by a comprehensive contingency plan.
Our customers’ data is stored entirely on dedicated servers in data centers located in Germany. Our servers are housed in locked racks.
Data centers are examined on a regular basis by external audits, customer audits and audits by SABIO’s data protection officer.
Consistent monitoring of availability and performance ensures immediate notification of SABIO personnel in the event of an operational disruption, in line with an automated escalation process.
Prevention of single points of failure and flexible scalability are the basic concept. The risk of long-term system failures is significantly reduced by redundant system components and servers, a scalable system architecture and operation of the application in a cluster. The use of firewalls and load balancing ensures optimal performance when using SABIO.
Data is stored in one production database and one backup database. In the event of a failover, the backup database can be brought into use within less than an hour.
Completely redundant network connections to the data center’s backbone and the external IP connection.
Redundant servers as well as internal and external power supply units. The data center provides backup power supplies (main supply, transformer, online UPS, emergency generators based on diesel engines in an outdoor area).
Daily backups and separate storage of the storage media (data vault). The retention period is stipulated by contract. The backup storage is encrypted.
Regular security scans are conducted on IP addresses accessible via the internet. The detection of vulnerabilities triggers immediate measures to secure these weak spots.
A hardware firewall protects the network from unauthorized access. SABIO’s data traffic is separated through subnets inside the network of the data center. The network is monitored for attacks around the clock.
Security-relevant updates are applied as part of the patch management process.
To ensure that only authorized technical personnel have access, measures such as secure VPN, multi-level authentication and role-based access control are employed. For secure remote access, SSH is used as the protocol.
Access is logged in automatically generated log files, which are stored temporarily and evaluated in suspected cases of unauthorized access. Log files are deleted periodically and automatically by rotation.
Data security is already a top priority during development. SABIO offers the following security features off-the-shelf:
Communication with SABIO takes place via SSL/TLS (Secure Sockets Layer/Transport Layer Security) to ensure that the customer’s data is accessed over a secure connection.
Separate user sessions are identified distinctly and re-verified on every transaction. User accounts possess unique usernames and passwords, which must be provided at every login. SABIO supports secure authentication by means of single sign-on (WebSSO) and the use of SAML.
SABIO only stores the user data necessary for the secure use of the application. Sensitive user data is encrypted and stored at database level; it is decrypted on the web server only. SABIO employees have no access to customer passwords.
User transactions are logged with the affected dataset and a timestamp. SABIO changes customer data only following a request in written form.
Every customer works in its own client environment. The data is separated distinctly by the software, ensuring that every customer is able to see and edit only its own data.
System functionality and design changes are evaluated during development in a separate “sandbox” environment. These tests conducted by SABIO cover functionality, scalability and security. In addition, regular confidentiality assessments (penetration tests) are conducted by external auditors.
In addition to security features previously mentioned, SABIO allows the individual configuration of several data protection measures.
SABIO offers a configurable role and permission concept that determines the functional scope per user. Configurable branches determine the visibility of data per customer. System settings controlling the
SABIO offers customers the configuration of parameters regarding password security (e.g. character settings, validity, deactivation and many more).
Reporting on user level, as well as the displaying of user data in the system can be deactivated.
Access can be restricted to specified IP addresses per customer.
Data protection and privacy are deeply rooted in SABIO’s organization, which has dedicated personnel at its disposal who are accountable for data protection.
The applicable guidelines for data protection are defined by an information security management system (ISMS).
SABIO’s data protection and IT security officers are accountable for data protection and security, and are responsible for answering any questions that may arise regarding these topics.
All personnel employed in data processing are bound to confidentiality and instructed accordingly with reference to §5 BDSG.
SABIO employees are instructed and tested regularly, regarding data protection and privacy. Data protection and privacy are obligatory topics for new employees in our onboarding program.
As of: 12 January 2017