Netstream AG
Richtistrasse 4
8304 Wallisellen
Switzerland
Technical and organizational measures (TOM)
Version: 01.11.2022
This documentation contains the technical and organizational measures according to Art. 24, 32 (1) GDPR. The categories of measures are subordinated to the protection requirement goals of confidentiality, availability, integrity and resilience, whereby resilience is considered a subcategory of availability.
1. Confidentiality
1.1 Physical access control
Measures for office space:
- Video surveillance
- Automatic access control system
- Electronic locking system with authorization management
- Doors with knob outside
- Bell system with camera
- Visitor regulation
- Visitor escort by employees
- Contractual protection of service personnel (cleaning)
Measures for data centers:
- Video surveillance
- Automatic access control system
- Electronic locking system with authorization management
- Biometric access barriers
- Restrictive access policies
- Security guards
- Visitor escort exclusively by authorized employees
- Alarm system inputs
- Contractual safeguarding with service providers (maintenance)
- Security locks
1.2 System access control
Measures:
- Strict remote access policies
- Two-factor authentication where possible
- Firewall
- Regular verification of authorizations
- Mandatory encryption of data connections
- Conduct guidelines for employees in dealing with sensitive data
- Password policy
- Central password management
- Restrictive authorization rules for data requiring special protection
- Mobile and Telework Policy
1.3 Data access control
Measures:
- Professional, external destruction of data media
- Logging of accesses to applications, specifically when entering, changing and deleting data
- Use of authorization concepts
- Minimum number of administrators
- Behavioral guidelines for administrators
- Management of user policies by administrators
1.4 Separation control
Measures:
- Separation of productive and test environment
- Physical separation (systems / databases / data carriers)
- Multi-client capability of relevant applications
- Control via authorization concept
- Setting database rights
- Restrictive authorization concept
1.5 Pseudonymization
Measures:
- Internal instruction to anonymize / pseudonymize personal data as far as possible in the event of disclosure or even after expiry of the statutory deletion period.
- Pseudonymization of personal data for analytical purposes in cooperation with third parties
2. Integrity
2.1 Transfer control
Measures:
- Use of VPN
- Logging of accesses and retrievals
- Encrypted transmission of data
- Documentation of the data recipients and the duration of the planned transfer or deletion periods.
- Disclosure in anonymized or pseudonymized form
- Supplier management according to ISO 27001
2.2 Input control
Measures:
- Technical logging of data entry, modification and deletion
- Traceability of input, modification and deletion of data through individual user names (not user groups)
- Assignment of rights to enter, change and delete data on the basis of an authorization concept
- Clear responsibilities for deletions
3. Availability and resilience
3.1 Availability control
Measures:
- Additional security standard through ISO 27001 certification
- Fire and smoke detection system
- Automatic fire extinguishing system
- Climate monitoring in server rooms
- UPS
- Emergency generator
- Redundant power supply
- RAID systems
- Video surveillance
- Alarm system
- Backup and recovery concept (business continuity policy)
- Monitoring systems
- Offsite backups
- Existence of an emergency plan
- Redundant power supply line
- Regular review and testing of emergency plans
- Incident Management Policy
4. Procedures for regular review, assessment and evaluation
4.1 Data protection measures
Measures:
- Central documentation of all procedures and regulations on data protection with access for employees according to need / authorization
- ISO 27001 security certification
- Regular review of the effectiveness of technical protection measures
- Internal data protection officer
- Data privacy policy for employees and awareness training
- Sensitization of employees
- CISO / internal information security officer
- External audits
- The organization complies with the information obligations according to Art. 13 and 14 GDPR
4.2 Incident response management
Measures:
- Use of a firewall
- Regular updates
- Regular checks for security vulnerabilities
- Risk Management
- Spam filter
- Virus scanner
- Documented process for detecting and reporting security incidents / data breaches (also with regard to reporting obligation to supervisory authority)
- Documented procedure for handling security incidents
- Incident Management Policy
4.3 Privacy-friendly default settings
Measures:
- No more personal data is collected than is necessary for the respective purpose
4.4 Order control
Measures:
- Prior review of the security measures taken by the contractor and their documentation
- Selection of the contractor under due diligence aspects (especially with regard to data protection and data security)
- In the case of longer cooperation: ongoing review of the contractor and its level of protection
- Care in the selection of suppliers