Q. At what physical location is the data stored?
A. All data is stored in the Netherlands by default. We understand the importance of knowing where your data is located. We run dedicated private cloud environments on dedicated physical (bare-metal) servers, so your data is never hosted at a foreign site through a virtual server on shared infrastructure.
Q. At what (physical) locations are the servers located?
A. All servers run at multiple locations in the Netherlands.
Q. Is the stored data encrypted?
A. Encryption of stored data is optional. The network and application configuration are designed so that the data is not reachable from the outside, and files are stored so that they are not directly linked to a client, only to an internal ID. The data sits behind several layers of defence. Encryption can nevertheless be a requirement that has to be met. We offer encryption at different levels, from individual files, to data fields, to the complete database with decryption at server level. Encryption at any level affects application performance, and extra costs (hardware) may be involved to keep performance acceptable. Note that decryption at server level protects against loss or theft of storage media and backups, not against an attacker who has compromised the application server itself, since the keys are available there.
If encryption is required, we analyse together with the client what must be encrypted and how it will be decrypted. Depending on the business case we offer several options that balance security and user experience.
Q. What measures has Dynasec implemented at their data centers to ensure a quality level of service?
A. Our data centers hold ISO 9001, ISO 14001 and ISO 27001 certifications. WCDE (the continuity foundation described below) additionally holds NEN 7510.
Q. What server architecture does Dynasec use at the data centers?
A. All servers are bare-metal servers hosted by multiple data centers in the Netherlands. All servers are leased.
Q. How is security of data transmission ensured?
A. HTTPS is used to secure all data transmissions.
All communication between client users and the data locations is encrypted over an HTTPS connection. Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network and is widely used on the Internet. In HTTPS the communication is encrypted using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL); the protocol is therefore also referred to as HTTP over TLS or HTTP over SSL. SSL and the early TLS versions (1.0 and 1.1) are deprecated, so the protection actually obtained depends on the TLS versions and cipher suites the servers accept and on plain HTTP being redirected to HTTPS.
Q. What levels of authentication (logon) does Dynasec provide for the users?
A. All Dynasec solutions provide strong, multi-factor authentication. Multi-factor authentication (MFA) is a method of confirming a user's claimed identity in which the user is granted access only after successfully presenting two or more pieces of evidence (factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has) and inherence (something only the user is). Dynasec solutions provide MFA through a code sent by SMS to the user's mobile phone or through QR code scanning, in addition to the default username and password login. For SMS authentication the client needs to purchase a message bundle at additional cost.
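As an added example (not Dynasec's or ez2xs's code; the page does not say which scheme lies behind its QR code option), the following Python shows the server side of the usual QR-code variant: the user's authenticator app scans an otpauth:// enrolment QR code and from then on produces time-based one-time passwords (TOTP, RFC 6238), which the server verifies with a small clock-skew window and a replay check. The issuer and account names are placeholders, and the secret used in the test is the RFC 6238 reference key, not a real one.

```python
import base64
import hashlib
import hmac
import secrets
import struct
from typing import Tuple
from urllib.parse import quote

# Added example, not Dynasec/ez2xs code: TOTP enrolment and verification per RFC 6238.
DIGITS = 6   # code length shown by the authenticator app
STEP = 30    # seconds per time step


def new_secret(nbytes: int = 20) -> bytes:
    """Random shared secret for one user; store it encrypted, never log it."""
    return secrets.token_bytes(nbytes)


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """The otpauth:// URI that is encoded into the enrolment QR code
    (issuer/account are placeholders supplied by the caller)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(issuer)}&algorithm=SHA1"
            f"&digits={DIGITS}&period={STEP}")


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation, DIGITS digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** DIGITS)).zfill(DIGITS)


def totp(secret: bytes, at: int) -> str:
    """TOTP is HOTP with the counter derived from Unix time."""
    return hotp(secret, at // STEP)


def verify_totp(secret: bytes, submitted: str, at: int, window: int = 1,
                last_used_step: int = -1) -> Tuple[bool, int]:
    """Check a submitted code against the current step and `window` steps either side
    (tolerates clock skew). Returns (ok, step); the caller must persist the accepted
    step and pass it back as last_used_step so that the same code cannot be replayed."""
    if not (submitted.isdigit() and len(submitted) == DIGITS):
        return False, last_used_step
    current = at // STEP
    for delta in range(-window, window + 1):
        step = current + delta
        if step <= last_used_step:
            continue  # this step (or an earlier one) was already accepted: replay
        if hmac.compare_digest(hotp(secret, step), submitted):  # constant-time compare
            return True, step
    return False, last_used_step


if __name__ == "__main__":
    # RFC 6238 reference secret, for demonstration only.
    demo_secret = b"12345678901234567890"
    print(provisioning_uri(demo_secret, "alice@example.com", "ez2xs"))
    print("code at t=59:", totp(demo_secret, 59))
```

The window of one step either side accepts the previous and next code as well as the current one, which is the usual compromise between clock drift on phones and the size of the guessing space; the persisted last accepted step is what stops an intercepted SMS or TOTP code from being reused within that window.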
Q. Are the software and services Dynasec provides compliant to the EU GDPR?
A. Yes, our software and services are fully compliant with the EU GDPR. The GDPR includes, among other things, the following obligations:
- Inform your customers (whose data you record) and state how long you store this data;
- Inform your customers about their rights: the right to inspect, correct and delete their data, the right to grant and withdraw consent to access and use of records, the right to portability of their data and the right to lodge a complaint with the data protection authority;
- A Data Protection Impact Assessment is sometimes mandatory (e.g. if you systematically and extensively evaluate personal aspects);
- Collect as little privacy-sensitive information as possible and dispose of it as soon as possible, based on an internal policy that states when data is no longer relevant;
- If data is processed on a large scale, it may be necessary to appoint a Data Protection Officer;
- Document all data leaks;
- Provide a data processing agreement (the processing agreement of DYNASEC meets the requirements of the GDPR);
- The GDPR imposes strict requirements on the consent you have to ask for before processing data, and you must be able to prove that consent was given;
- Data stored in online services must be easy to transfer to other systems (portability);
- Data must be safely "discarded".
DYNASEC ensures that functionality is available to meet the requirements of the GDPR regarding points 10, 11, 12 and 13.
The Dynasec solution provides all industry-standard GDPR functionalities:
- Default emails asking for consent to news bulletins, enquiries, events and newsletters
- An opt-out option within all emails (campaigns)
- By default, the IIA member has to approve the storage and use of (anonymous) data
- In each online process (review, certification, file review) GDPR consent must be given
Q. How is the continuity of the customers’ data and functionality ensured in case Dynasec goes bankrupt?
A. Continuity is ensured by the WCDE Foundation (explained below).
Purpose of the WCDE foundation
The Stichting Waarborg Continuïteit Dienstverlening Ez2xs (WCDE) was established on 22 September 2014 at the request of customers of the ez2xs platform, in order to guarantee the continuity of the online software developed by Dynasec Netherlands B.V. The ez2xs platform is understood to mean all online software of ez2xs delivered to its customers by Dynasec Netherlands B.V., such as easy2access, easy2certify and related (client-specific) portals. The aim of the WCDE Foundation is to guarantee the continuity of the data and functionality of all the software mentioned above for a period of 6 months or, if the Board of the Foundation so decides, longer.
In case of (threatening) discontinuity of Dynasec Netherlands B.V., the board of the WCDE Foundation may decide to give the customers connected to the Foundation access to the Foundation's own servers. On these servers, (online synchronised) copies of the software and the data of all connected customers are continuously updated (see the FAQ on data storage locations). This means that an (unforeseen) discontinuity of Dynasec Netherlands B.V., for example arrears in payment for the servers of Ez2xs B.V. that customers use daily, cannot lead to loss of data or functionality, because the Foundation has its own servers, paid for by itself. It also prevents a bankruptcy trustee (curator) from "blackmailing" the customers in order to collect creditors' claims from them.
Finally, the redundant servers of the Foundation (in addition to the servers of Ez2xs used daily) offer an extra safety net for (unforeseen) calamities.
Construction for the WCDE Foundation
After the WCDE Foundation was established, the lawyers of ICTRecht B.V. drew up an agreement between the Foundation and Dynasec Netherlands B.V. This agreement regulates, among other things, the licence fees for the Foundation, the "use" of key personnel of Dynasec Netherlands B.V. and the situations in which the Foundation "comes into action". By signing "Appendix C: The Beneficiary Agreement" a customer becomes a "beneficiary" and is thereby eligible for the services of the Foundation.
The Foundation is an entirely independent entity and has an agreement with a hosting organisation for the use of its own servers. It finances this contract entirely from the entrance fees and the annual cost allocation charged to the beneficiary organisations.
Q. How is data-continuity ensured?
A. Data continuity is ensured via mirroring (real-time synchronisation) and backups.
Real-time synchronisation:
- Database replication, managed by MariaDB
- Files are replicated via snapshots on BTRFS volumes
Backup:
- Rsync backup of the database to the backup data center
- Rsync backup of files to the backup data center
Replication reproduces every change, including deletions and corruption, on the replica almost immediately; only the snapshots and the rsync backups allow recovery to an earlier point in time, so their freshness and restorability should be verified regularly.
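As an added example (not Dynasec's or ez2xs's code), the following Python checks the two mechanisms above from the operator's side: whether MariaDB replication is actually running and keeping up, and whether the rsync'd backup copy is present, non-empty and recent. It uses the field names of MariaDB's SHOW SLAVE STATUS output, which a monitoring job would fetch over a database connection; the status rows and the temporary backup directory are constructed for the example, and the lag and age limits are assumptions.

```python
import datetime as dt
import os
import tempfile
from typing import Dict, List, Optional

# Added example, not Dynasec/ez2xs code: continuity health checks.
MAX_LAG_SECONDS = 300       # assumption: tolerated replication lag
MAX_BACKUP_AGE_HOURS = 26   # assumption: the rsync job runs once a day


def replication_issues(status: Dict[str, Optional[str]],
                       max_lag: int = MAX_LAG_SECONDS) -> List[str]:
    """Return the problems found in one SHOW SLAVE STATUS row (empty list means healthy)."""
    issues = []
    if status.get("Slave_IO_Running") != "Yes":
        issues.append("I/O thread not running: replica no longer receives changes")
    if status.get("Slave_SQL_Running") != "Yes":
        issues.append("SQL thread not running: received changes are not applied")
    lag = status.get("Seconds_Behind_Master")
    # NULL lag is not "no lag": MariaDB reports NULL when the SQL thread is not running.
    if lag is None:
        issues.append("lag unknown (Seconds_Behind_Master is NULL)")
    elif int(lag) > max_lag:
        issues.append(f"replica is {lag}s behind (limit {max_lag}s)")
    if status.get("Last_Error"):
        issues.append(f"last error: {status['Last_Error']}")
    return issues


def backup_issues(backup_dir: str, expected: List[str], now: dt.datetime,
                  max_age_hours: int = MAX_BACKUP_AGE_HOURS) -> List[str]:
    """Check that each expected rsync'd artefact exists, is non-empty and is recent.
    A copy that is missing, empty or stale does not allow recovery to a useful point."""
    issues = []
    for name in expected:
        path = os.path.join(backup_dir, name)
        if not os.path.isfile(path):
            issues.append(f"{name}: missing")
            continue
        st = os.stat(path)
        if st.st_size == 0:
            issues.append(f"{name}: empty")
        age = now - dt.datetime.fromtimestamp(st.st_mtime, dt.timezone.utc)
        if age > dt.timedelta(hours=max_age_hours):
            issues.append(f"{name}: stale ({age.total_seconds() / 3600:.1f}h old)")
    return issues


# Constructed sample rows, shaped like SHOW SLAVE STATUS output.
HEALTHY = {"Slave_IO_Running": "Yes", "Slave_SQL_Running": "Yes",
           "Seconds_Behind_Master": "3", "Last_Error": ""}
BROKEN = {"Slave_IO_Running": "Yes", "Slave_SQL_Running": "No",
          "Seconds_Behind_Master": None,
          "Last_Error": "Duplicate entry '42' for key 'PRIMARY'"}


def demo_backup_check() -> List[str]:
    """Build a temporary backup directory with one fresh, one stale and one empty file
    (constructed data) and run backup_issues over it, also asking for a file that is absent."""
    now = dt.datetime.now(dt.timezone.utc)
    with tempfile.TemporaryDirectory() as d:
        for name, age_hours, size in (("db.sql.gz", 2, 10), ("files.tar", 48, 10), ("logs.tar", 1, 0)):
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(b"x" * size)
            ts = (now - dt.timedelta(hours=age_hours)).timestamp()
            os.utime(path, (ts, ts))
        return backup_issues(d, ["db.sql.gz", "files.tar", "logs.tar", "config.tar"], now)


if __name__ == "__main__":
    for label, row in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(label, replication_issues(row) or "ok")
    print("backup", demo_backup_check())
```

Checks like these belong in the monitoring of the primary and of the Foundation's mirror alike: a replica whose SQL thread has stopped reports NULL lag rather than a large number, and an rsync job that silently fails leaves yesterday's copy in place, so both cases have to be treated as failures rather than as "no data".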
Q. How are patches, updates and security (bug) fixes in the software and infrastructure applied?
A. The cloud and portal solutions are centrally managed environments. New releases (patches, bug fixes and updates) are always deployed after acceptance by the client. We provide development, test and acceptance environments that resemble your production environment. The release notes of each new release are published online, so you can focus your testing on the new features. Because deployment waits for client acceptance, the acceptance process determines how long a known security issue remains unpatched in production, so security fixes warrant a fast-track acceptance.