Electronic Access Control. No unauthorised use of the Data Processing and Data Storage Systems, ensured by passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data storage media.
Electronic Access Control. (FOB) System: Each employee shall be required to swipe their "fob" against the electronic access card reader located at main entry point to the school building upon entering and exiting the school building at all times. The reader records their time in the system. In order to prevent unauthorized individuals from access in the buildings, an employee will immediately report any lost or stolen fob to their supervisor. A fob assigned to an individual shall be used solely by the individual it is assigned to. At the time of separation from service, the fob will be returned to the district.
Electronic Access Control. No unauthorized use of the Data Processing and Data Storage Systems, e.g.: (secure) passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media; Description of existent or taken measures by processor: The measures of electronic access controls are: • Use of unique IDs for all employees • Password policy defining password complexity requirements • Use of password manager • Enforcement of secure passwords • Multi-factor authentication in identity providers • Automatic blocking (e.g. wrong password, timeout) • Secure deposition of master and administrative passwords of all relevant IT systems • User rights are assigned to unique IDs • Usage of Mobile Device Management • Full-disk encryption of mobile devices and monitored via MDM • Usage of cryptographic methods that are state of the art, e.g., TLSv1.2+ • Data center operations outsourced • Regulation of data organization inclusive logging, reporting of data usage • Usage of data protection bin
Electronic Access Control. No unauthorised use of the Data Processing and Data Storage Systems ☒ Assignment of user rights ☒ Creation of user profiles ☒ Password allocation ☐ Authentication by means of biometric ☒ Authentication by means of user name / procedure Password ☒ Assignment of user profiles to IT systems ☐ Locking for housings ☒ Deployment of VPN technology ☒ Safety locks ☐ Blocking of external ports (USB etc.) ☒ Key provision If yes, which ports (issue of keys etc.) ☐ Identity check with gatekeeper / reception ☒ Diligent selection of cleaning staff ☐ Visitors’ log ☒ Encryption of data carriers in laptops / ☒ Encryption of mobile data carriers notebooks ☐ Diligent selection of security staff ☐ Duty to wear authorisation passes ☒ Use of intrusion/detection Systems ☐ Use of central Smartphone Administration Software (f. ex. for the deletion of data) ☒ Use of Anti Virus Software ☐ Encryption of Smartphone Contents ☒ Use of a Hardware Firewall ☐ Use of a Software Firewall ☒ Not relevant, since data processing takes place exclusively on the client's systems
Electronic Access Control. Zugangskontrolle") Every employee has its own user identification with password which controls the access to the computer systems. The connection to the internet is secured by a firewall. External access by employees to the company network is secured by a VPN..
Electronic Access Control. Potential use of data processing systems by unauthorized persons is to be prevented. Each Party has implemented the following access control measures for systems and networks, in which personal data are processed or through which access to personal data is possible:
Electronic Access Control. No unauthorized use of the Data Processing and Data Storage Systems, e.g.: (secure) passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media; Description of existent or taken measures by processor: The measures of electronic access controls are: • Encryption of data and data media e.g., different TLS Versions and algorithms (e.g., AES,3 DES) • Encryption of clients especially laptops. • Servers are hosted in secured data centers • Password policy including minimum length, special characters, change routine of password • Re-login with username and password after time of user-inactivity (e.g. 5 minutes) • No written user-password • Secure deposition of master and administrative passwords of all relevant IT-Systems • Creation of one master record per user via Azure AD • Automatic blocking (e.g. wrong password, timeout) • Usage of username and passwords for all users • User rights are assigned • Role- based concept of user-structure and user-rights • Multifactor authentication • Regulation of data organization inclusive logging, reporting of data usage
Electronic Access Control. No unauthorized use of the Data Processing and Data Storage Systems, e.g.: (secure) passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media - Server and SAN/NAS are hosted in server rooms or data center areas which fulfil the ISO 27001 requirements - Individual username and password - Password regulation for users including regular prompts to change password - Close accounts of employees who have left the company including documentation - Automatically block workstations after 15 minutes / Clear screen policy - 2 factor authentication - WLAN secured against unauthorized access - Regular check of existing access authorizations
Electronic Access Control. Those authorized to use a data processing system have exclusive access to those personal data which are covered by their authorization. Detailed Description Xxxxxxxx: Availability and Resilience Recoverability It is ensured that systems can be restored in case of a malfunction.
Electronic Access Control. Ensures that those authorized to use a data processing system can only access the data for which they are authorized and that personal data is not subject to unauthorized viewing, copying, modification or deletion when it is processed or used or after it is stored. Central rights management separates system access from application access. Users can not change their own rights. Users can not request a change without approval by their supervisor. Change management of user rights in accordance with changing roles (f.e. at movements within the company) External access is restricted to VPN- or SSH- secured connections. Regularly Security checks of external access are carried out by appropriately specialized companies. Internal Security regulation including need to know principle Workstation computers are secured as follows: Users must log on through a centrally controlled identity management system. Employees are required to lock their computers. Computers are automatically locked after 15 minutes of idle time.
