Technical and Organizational Data Security Measures

v1.0.0

Security measures

The servers for the online application, databases, and data protection (backup) are run and maintained by third parties in professional data centres. Subcontractors are selected carefully, with respect to their security awareness and expertise, based on verified audits and certificates. Some of the relevant safeguards in the following checklist are not shown separately, either because they are the responsibility of subcontractors or because they are not published in detail for the sake of maintaining security and confidentiality.

Access control (Physical)

Access to the server infrastructure is controlled by the spatial structure of the data centre and by the control system that the operator maintains there. Physical access to the servers is maintained and controlled by the subcontractor.

Access control (Logical)

RetinaLyze System has implemented suitable measures to prevent its data processing systems from being used by unauthorized persons.

This is accomplished by:

  • Automatic lock out of the user ID when several erroneous passwords are entered. Events are logged and logs are reviewed on a regular basis.

  • Automatic time-out of the user terminal if left idle; identification and password are required to reopen.

  • Continuously monitoring infrastructure security.

  • Regularly examining security risks by internal employees.

  • Role-based access control implemented in a manner consistent with the principle of least privilege.

  • Remote access to infrastructure is encrypted and secured using two-factor authentication tokens.

  • Access to host servers, applications, databases, routers, switches, etc., is logged.

  • Passwords must adhere to the RetinaLyze System password policy, which includes minimum length requirements and enforces complexity.

Transmission control

RetinaLyze System has implemented suitable measures to prevent Personal Data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media.

This is accomplished by:

  • Use of adequate firewall and encryption technologies to protect the gateways and pipelines through which the data travels.

  • Sensitive Personal Data is encrypted during transmission using up-to-date versions of TLS or other security protocols using industry-standard encryption algorithms and keys.

  • Customer sensitive Personal Data and other confidential customer data are encrypted at rest within the system.

  • Protecting web-based access to account management interfaces by employees through encrypted TLS.

  • End-to-end encryption of screen sharing for remote access, support, or real-time communication.

  • Use of integrity checks to monitor the completeness and correctness of the transfer of data.

Input control

RetinaLyze System has implemented suitable measures to ensure that it is possible to check and establish whether and by whom Personal Data have been input into data processing systems or removed.

This is accomplished by:

  • Authentication of the authorized personnel

  • Segregation and protection of all stored Personal Data via database schemas, logical access controls, and encryption

  • Utilization of user identification credentials

  • Physical security of data processing facilities

  • Session time outs

Order control

Data processing contracts are in place wherever personal data is processed on behalf of the Customer. The processing of personal data under orders given by the Contractor shall take place only on the basis of a written agreement between the Contractor and the Customer or the datacentre. If serious changes occur in the process, the Customer shall be informed.

The Customer shall be informed about the operational status of the system.
The security of remote maintenance is not applicable as there is no remote control by the Customer.

Availability Control

RetinaLyze System has implemented suitable measures to ensure that Personal Data is protected from accidental destruction or loss.

This is accomplished by:

  • Redundant data storage.

  • Software exclusion: division of the servers so that each fulfils its tasks independently and autonomously (shared-nothing architecture).

  • Multiple incremental data backup.

  • Data backups with a timetable which appropriately reflects data changes.

Separation rule according to the principle of earmarking

RetinaLyze System has implemented suitable measures to ensure that Personal Data collected for different purposes can be processed separately.

This is accomplished by:

  • The database principle, separation by access control.

  • Separation of test and production data.

  • Separation of development and production environment.
