Briox as processor is responsible for taking appropriate technical and organisational measures i Briox systems. This means that we (Briox) in the Briox program will insure that the required security is in place, such as encrypted storage, access control, possibility to obtain a copy of personal data and erase personal data. When there is no features in the System to manage personal data, Briox has internal routines for this. The actions taken by Briox is described in more details below.
Authentication and encryption
Encrypted communication: All data communication to and from the User’s computer is encrypted using secure sockets layer (SSL) protocol. SLL is the most widely used internet standard for encrypted communication. Briox uses 256-bit SSL encryption and 2048-bit public keys from RSA.
Login to the Service: In order to use the Service, the User is required to login with a username, database name and password.
Password protection: Login procedure is fully encrypted, which means that no information is sent as unencrypted text. The User’s password is stored in a one-way encrypted format (with a standardised one-way cipher).
Automatic logout: To prevent unauthorised persons access to information if a computer is left unattended, the system automatically logs the User off after the selected time interval. The User can choose to set the automatic logout to 15 minutes, 30 minutes, 1 hour, 2 hours or 8 hours. The User is always responsible for the risk caused by unauthorised use of the Service as a result of the User having left a logged-in computer unattended.
Continuous verification of the User: Each call to our servers means a control of the logged-in User.
Storage and backups
Briox’ Services are hosted on its’ own servers in an enterprise grade data centre located in the UK which is monitored 24 hours a day, every day of the year. Storage of data is available at two geographically separated locations in UK and Sweden where daily backups are taken.
- The data centre is equipped with automatic smoke detection systems and is divided into separate fire zones. The climate control system ensures that the temperature is low and the humidity is optimal.
- The data centre is equipped with a backup power supply system and a diesel generator to ensure power supply to the servers.
- High-capacity connections ensure customer access to the Service.
- Entrance to the data centre is granted to authorised staff only.
- The Briox server environment and network is protected by firewalls. Moreover, Briox proactively monitors and analyses firewalls and system logs.
- Briox has comprehensive backup procedures which ensure continuity of the Service. Encryption of customer passwords remains at backups (when backups are taken). Complete backups are made daily and transferred to two physically separate locations.
Knowledge and information information protection
- Only a few key people know how the safety system is constructed.
- All staff are bound by a confidentiality and non-disclosure agreements which prevent the dissemination of User information.