Security Statement



SABIO regards the protection of customer data, through the employment of state-of-the-art technology and the application of established and proven industry standards, as a top priority. Numerous well-known customers of ours from sectors such as telecommunications, finance and insurance, utilities, health care and many more have already assured themselves of the data security of our service and entrust their data to SABIO in our hosting. This security statement is meant to create transparency regarding our technical and organizational security measures, so that you are able to assure yourself that data security is taken seriously at SABIO and that your data is protected accordingly.


Secure data center and operation

SABIO hosts its applications on dedicated servers located in certified data centers in Germany. These data centers inherently provide the following security measures for data protection and processing:

Physical security

  • ISO 27001 Certification

    SABIO solely cooperates with data centers fulfilling the ISO 27001 standard.

  • Access control and monitoring of the infrastructure

    Data centers are manned and monitored around the clock, seven days a week. Comprehensive security measures (amongst others: alarm systems, video surveillance, chip card access and an admission concept for the server rooms) prevent unauthorized access to data processing equipment.

  • Environmental Surveillance and Control

    Controlled operation of the infrastructure is ensured by air-conditioning and humidity control. Security measures such as uninterruptible power supply, smoke and fire alarm systems, video surveillance and corresponding response facilities are installed. Procedures for external disruptions are governed by a comprehensive contingency plan.

  • Data Storage in Germany

    Our customers’ data is stored entirely on dedicated servers in data centers located in Germany. Our servers are housed in locked racks.

  • Regular Examinations of security measures

    Data centers are examined on a regular basis by external audits, customer audits and audits by SABIO’s data protection officer.


Securing availability

  • Availability of the Application

    Continuous monitoring of availability and performance ensures that SABIO personnel are notified immediately of any operational disturbance, following an automated escalation process.

  • Operation in Clusters and Load-Balancing

    Prevention of single points of failure and flexible scalability are the basic concept. The risk of long-term system failures is significantly reduced by redundant system components and servers, a scalable system architecture and the operation of the application in a cluster. The use of firewalls and load balancing ensures optimal performance when using SABIO.

  • Database-Failover

    Data is stored in one production database and one backup database. In case of a failover, the backup database can be brought into use within less than an hour.

  • Redundant network connection

    Completely redundant network connections to the data center’s backbone and to the external IP connection.

  • Redundant Infrastructure

    Redundant servers as well as internal and external power supply units. The data center provides backup power supplies (main supply, transformer, online UPS, emergency generators based on diesel engines in an outdoor area).

  • Backup and Restore

    Daily backups with separate storage of the backup media (data vault). The retention period is stipulated by contract. The backup storage is encrypted.


Network security

  • Security Scans

    Regular security scans are conducted on IP addresses accessible via the internet. The detection of vulnerabilities triggers immediate measures to secure these weak spots.

  • Access Control

    A hardware firewall protects the network from unauthorized access. SABIO’s data traffic is separated by subnets inside the network of the data center. The network is monitored against attacks around the clock.

  • Security Patches

    Security-relevant updates are applied as part of the patch management process.

  • Access Control During Operation

    To ensure that only authorized technical personnel gain access, measures such as secure VPN, multi-level authentication and role-based access control are employed. SSH is employed as the protocol for secure remote access.

  • Logging and Auditing

    Access is logged in automatically generated log files, which are stored temporarily and evaluated in suspected cases of unauthorized access. Log files are deleted periodically and automatically by rotation.


Secure application and user-security

Data security is already a top priority during development. SABIO offers the following security features off-the-shelf:


Security features in SABIO off-the-shelf

  • SSL / TLS-Encryption

    Communication with SABIO is encrypted via SSL/TLS (Secure Sockets Layer/Transport Layer Security), ensuring that the customer’s data is accessed only over a secure connection.

  • User Authentication

    Separate user sessions are identified distinctly and verified anew during every transaction. User accounts possess unique usernames and passwords, which must be provided at every login. SABIO supports secure authentication by means of single sign-on (WebSSO) and the use of SAML.

  • Encryption of Sensitive Data

    SABIO only stores the user data necessary for the secure use of the application. Sensitive user data is encrypted and stored at the database level and decrypted only on the web server. SABIO employees have no access to customer passwords.

  • Access Control During Use of SABIO

    User transactions are logged with the affected data record and a timestamp. SABIO changes customer data only following a request in written form.

  • Software-based Separation of Customer Data (Multi Tenancy)

    Every customer works in its own client environment. The data is strictly separated by the software, ensuring that every customer is solely able to see and edit its own data.

  • Internal Tests and Evaluation by external Audits

    System functionality and design changes are evaluated during development in a separated “sandbox” environment. These tests conducted by SABIO cover functionality, scalability and security. In addition, regular evaluations regarding confidentiality are conducted by external auditors (penetration tests).


Configurable security features

In addition to security features previously mentioned, SABIO allows the individual configuration of several data protection measures.

  • User Specific Data Access and System Features

    SABIO offers a configurable role and permissions concept, determining the functional range per user. Configurable branches determine the visibility of data per customer. System settings controlling the

  • Password Security

    SABIO offers customers the configuration of parameters regarding password security (e.g. character settings, validity, deactivation and many more).

  • Anonymization of User Data

    Reporting on user level, as well as the displaying of user data in the system, can be deactivated.

  • Access Limitations via IP-Addresses

    Access can be limited to specified IP addresses per customer.


Data Protection in our Organization

Data protection and privacy are deeply rooted in SABIO’s organization, which has dedicated personnel at its disposal who are accountable for data protection.

  • Information Security Guidelines

    The applicable guidelines for data protection are determined by an information security management system (ISMS).

  • Organization

    SABIO’s data protection and IT security officers are accountable for data protection and security, and are responsible for answering any questions that may arise regarding these topics.

  • Confidentiality

    All personnel employed in data processing are bound to confidentiality and instructed accordingly, as referred to in §5 BDSG.

  • Data Protection Training

    SABIO employees are instructed and tested regularly regarding data protection and privacy. Data protection and privacy are obligatory topics for new employees in our onboarding program.


AWS certifications

  • ISO 27001
  • ISO 9001
  • PCI DSS LEVEL 1
  • SOC1/SSAE 16/ISAE 3402 (formerly SAS 70)
  • SOC 2
  • SOC 3
  • FISMA, DIACAP, and FedRAMP
  • DOD CSM Levels 1-5
  • ITAR
  • FIPS 140-2
  • MTCS Level 3

For further information please do not hesitate to contact us via info@sabio.de.



As of: 12 January 2017