SECURITY AND PRIVACY
Your data is in the best hands
The reliable and trouble-free operation of our systems and the security of your personal data have the highest priority. Through continuous investment in security infrastructure, we can guarantee the highest possible level of availability and security.
In the following we describe the required level of abstraction of your data for full security and protection, as well as measures to optimise performance. Of course, details can be discussed in a personal conversation.
In addition to complying with German and European data protection regulations, we also take into account the recommendations of accredited committees for data security and IT, as part of our voluntary self-regulation and control.
HR Diagnostics only collects personally identifiable information with the consent of the person concerned, specifying the intended use. Other data are collected by HR Diagnostics in the form usually employed by web servers, i.e. connection information. These data do not allow any conclusions about the identity of the user. Any further processing and analysis of these data is carried out anonymously.
Any transmission of data to third parties is generally prohibited.
- 24-hour availability 365 days a year
- High performance thanks to a fast connection and modern servers
- Guaranteed system availability in the event of hardware failures
- Guaranteed system availability even in the event of a failure of two of the three redundant internet connections
- 128-bit SSL encryption of all communications
- Physical and logical protection of all candidate data
- Compliance with German and European data protection rules
- Regular external security audits and penetration tests – most recently successfully conducted and passed in January 2016
- No disclosure of data to third parties
The cornerstone of the security concept is the location of the server clusters in one of the most modern and energy-efficient data centres in southern Germany, which provides optimum conditions regarding safety and availability including:
- Multi-level security concept to protect the system against unauthorised access and other security risks
- ID card access system
- Area-specific access restrictions
- Video surveillance of interior and exterior areas
- Dual, independent fire detection systems; indoor air testing by laser detectors
- Nitrogen fire-extinguishing system to avoid water damage to the hardware
- Servers within the DMZ can only be accessed via HTTP and HTTPS from the internet; double-sided protection of the DMZ through powerful firewalls
- Servers within the intranet cannot be accessed directly from the internet
- Securing web applications on NAS
- Full backups of databases on NAS
- Backup intervals and periods structured according to service level
- Air-conditioned location with redundant power supply and emergency generator
- Air conditioning of the room and of the cabinets and racks via a raised floor
- Uninterruptible power supply
- Backup emergency power supply from independent external units; several hours of battery backup to bridge outages
- Use of modern multiprocessor server systems running Linux at the latest patch level as application and web servers
- Operation of the database server on Windows 64-bit servers with Microsoft SQL Server
- The web servers run on Apache 2; the application servers run Apache Tomcat and Java EE
- Application servers can handle a high number of transactions via a dispatcher/reverse proxy in the cluster; additional application servers can be added during operation
- Use of failover servers for databases