Briox as processor is responsible for taking appropriate technical and organisational measures i Briox systems. This means that we (Briox) in the Briox program will insure that the required security is in place, such as encrypted storage, access control, possibility to obtain a copy of personal data and erase personal data. When there is no features in the System to manage personal data, Briox has internal routines for this. The actions taken by Briox is described in more details below.
Encrypted communication: All data communication to and from the User’s computer is encrypted using secure sockets layer (SSL) protocol. SLL is the most widely used internet standard for encrypted communication. Briox uses 256-bit SSL encryption and 2048-bit public keys from RSA.
Login to the Service: In order to use the Service, the User is required to login with a username, database name and password.
Password protection: Login procedure is fully encrypted, which means that no information is sent as unencrypted text. The User’s password is stored in a one-way encrypted format (with a standardised one-way cipher).
Automatic logout: To prevent unauthorised persons access to information if a computer is left unattended, the system automatically logs the User off after the selected time interval. The User can choose to set the automatic logout to 15 minutes, 30 minutes, 1 hour, 2 hours or 8 hours. The User is always responsible for the risk caused by unauthorised use of the Service as a result of the User having left a logged-in computer unattended.
Continuous verification of the User: Each call to our servers means a control of the logged-in User.
Briox’ Services are hosted on its’ own servers in an enterprise grade data centre located in the UK which is monitored 24 hours a day, every day of the year. Storage of data is available at two geographically separated locations in UK and Sweden where daily backups are taken.