Interxion. Interxion is a ISO 27001:2013(Information Security) and ISO 22301:2012(business continuity) certified data center provider. Interxion does also undergo a yearly SOC2 audit. Both the certificates and the audit report can be provided to customers, upon request. Further information about Interxion can be found on their official website. Only a limited number of named Siteimprove employees have physical access to the data center. Amazon Web Services AWS is a multi-certified data center provider, including certifications ISO 27001:2013(Information Security) and SOC 1, 2 and 3. Further information about AWS security posture can be found on their official website. AWS in Frankfurt, Germany is used by Siteimprove for storage of PDF and HTML files collected by the Quality Assurance service. It is also used for storage of Response website snapshots. AWS is used for off-loading application servers located in Interxion. Siteimprove’s access to personal data provided by the Customer The operation of Siteimprove services requires that some employees have access to the systems that store and process personal data provided by the Customer. These employees are prohibited from using these permissions to view the data unless it is a necessity. Technical controls and audit policies are in place and reviewed on a yearly basis to ensure that any access to personal data provided by the Customer is controlled and logged. Employee access to sensitive or critical information processing facilities is managed in accordance with the “need to know and least privilege” principles, ensuring that access is granted only to resources that require it to perform their tasks. The assessment of granting access privileges must be based upon current job function responsibilities. Employees’ passwords are protected according to current industry best practices (NIST 800-63), including an annual review of users in order to check correct operation. 2FA authentication using TOTP is implemented wherever technically feasible and Siteimprove currently uses it for all users accessing the email system used to communicate with customers and for all users using the Siteimprove Customer Relationship Management software. User activities related to personal data access and processing events are logged with the following details – username, IP address, time of the activity, activity, reason for the activity. User activity logs are kept for durations dependent on the business need. Logs are kept in a centralized ...
Interxion has no obligation to provide the Engineer or the Customer with any special tools or any spare parts to the Customer Equipment in order to perform Hands & Eyes Services. Customer shall be solely responsible for the availability of such special tools or spare parts to the Engineer.
Interxion. Interxion is the primary hosting location for the Siteimprove infrastructure, from which 99.9% of Siteimprove customers receive their service. Interxion is located in Xxxxxxxxxxxxxx 00X XX, 0000 Xxxxxxxx, Xxxxxxx - just outside Copenhagen. This location contains the bulk of the Siteimprove application logic and the various database back-ends. Only a limited number of named Siteimprove employees have physical access to the data center. Interxion is a state-of-the-art data center provider with: Power delivery with 99.999% SLA Temperature and humidity is monitored 24x7 and is in line with ASHRAE recommendations Diverse ISP connectivity A very early smoke detection system is installed with direct lines to fire stations Automatic gas-based fire suppression systems Fire-retardant walls Trained security staff on site 24x7 Five layers of physical security Access tokens in combination with biometric data and mantraps are used for data center entry CCTV video surveillance Interxion has access procedures in place for personnel and goods entry and maintains an access log for all entry to the data center. Interxion is a ISO 27001:2013(Information Security) and ISO 22301:2012(business continuity) certified data center provider. Interxion does also undergo a yearly SOC2 audit. Both the certificates and the audit report can be provided to customers, upon request. Further information about Interxion can be found on their website at xxx.xxxxxxxxx.xxx/xxxxxxxxx/xxxxxxx/xxxxxxxxxx/ Amazon Web Services (AWS) The AWS region in Frankfurt, Germany is utilized by Siteimprove for storage of PDF files collected by the Quality Assurance service and storage of Response website snapshots. AWS is also used for off-loading application servers located in Interxion. When certain thresholds are met, workloads are moved to AWS for processing, after which, the processed data is returned to Interxion. AWS is considered one of the top providers of cloud services and hold a number of certifications and are on a yearly basis subjected to several independent audits in order to maintain the certifications. AWS website: xxxxx://xxx.xxxxxx.xxx/compliance/ Appendix 3 – Instructions
Interxion. Interxion is a ISO 27001:2013(Information Security) and ISO 22301:2012(business continuity) certified data center provider. Interxion does also undergo a yearly SOC2 audit. Both the certificates and the audit report can be provided to customers, upon request. Further information about Interxion can be found on their official website. Only a limited number of named Siteimprove employees have physical access to the data center. AWS AWS is a multi-certified data center provider, including certifications ISO 27001:2013(Information Security) and SOC 1, 2 and 3. Further information about AWS security posture can be found under References in section 19. AWS in Frankfurt, Germany is used by Siteimprove for storage of PDF and HTML files collected by the Quality Assurance service. It is also used for storage of Response website snapshots. AWS is used for off-loading application servers located in Interxion. – Siteimprove’s access to personal data provided by the Customer The operation of Siteimprove services requires that some employees have access to the systems that store and process personal data provided by the Customer. These employees are prohibited from using these permissions to view the data unless it is a necessity. Technical controls and audit policies are in place to ensure that any access to personal data provided by the Customer is controlled and logged. Employee access to sensitive or critical information processing facilities is managed in accordance with the “need to know and least privilege” principles, ensuring that access is granted only to resources that require it to perform their tasks. The assessment of granting access privileges must be based upon current job function responsibilities. 2FA authentication using TOTP is implemented wherever technically feasible and Siteimprove currently uses it for all users accessing the email system used to communicate with customers and for all users using the Siteimprove Customer Relationship Management Software. User activities related to personal data access and processing events are logged with the following details – username, IP address, time of the activity, activity, reason for the activity. User activity logs are kept for durations depending on the business need. Logs are kept in a centralized logging solution, wherever technical feasible. Logs are inspected as part of the internal security audit as well as external audits relevant to the specific area of logging (infrastructure supporting financia...
