...
We keep the root password in a secure location (e.g., in an envelope in a safe). It is retrieved only when absolutely necessary. Processes are in place to ensure accountability, and the password is changed after every use.
Does the Third Party (or sub-processor) ensure that the IT Facilities (Data Centre) that hold customer data are protected against attacks, accidental damage, natural hazards and unauthorised physical access?
Yes. All customer-facing infrastructure is hosted on AWS. Data is stored in Germany. However, our products and services may be provided using resources and servers located in various countries around the world, including the U.S. and other countries. Your information may be transferred and processed by third parties outside the country where you use our services, including to countries outside the European Economic Area (EEA), where the level of data protection may not be deemed adequate by the European Commission (i.e., where you have fewer rights in relation to your information). We expect that our third-party service providers will comply with the terms of the European Union’s General Data Protection Regulation (GDPR), and that any international data transfers be made under a recognized basis such as the US-EU Privacy Shield, EU Standard Contractual Clauses, and/or Binding Corporate Rules.
Does the Third Party employ an Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), firewalls and other network security services to protect customer services? Please list all services with vendors.
We have signature- and/or anomaly-based IDS/IPS in place, with sensors positioned at strategic points throughout the network. We have firewalls for filtering all inbound and outbound traffic.
Does the Third Party use documented secure build configs for Operating System (OS) and Databases (DBs) supporting customer data?
Restrictions on Software Installation: Rules governing the installation of software by users shall be established and implemented in accordance with the Yasoon GmbH Information Security Policy.
Backups
Do you sync data to a different site in near real time?
...