Description:
Our customers may be concerned about how Ruptela protects its data. In this article you can find relevant information.
Important link: Data protection
Ruptela's Data Protection Officer (DPO) is Diana Laura Ločinska ([email protected]). Please contact her if you have additional questions.
Data retention policy:
Do we have our data hosted locally? Who has access to the data?
Both data centers are located in Lithuania. No data is processed outside the EEA (European Economic Area). We would like to emphasize that all of Ruptela’s servers are fully controlled by Ruptela and no third party can access the data that is stored on its servers.
What measures or policies do we apply when it comes to protecting access to personal data? Are we ISO certified? If a request is made by a customer who is requesting a report on personal data collected that is related to himself, how confident are we to provide that information, and have we done that before?
Ruptela, as a Data processor, is taking all necessary and adequate state-of-the-art measures to ensure that collected and processed personal data will be protected from unlawful access, alteration, or destruction. Required measures are adopted, including but not limited to:
Organizational:
Approved internal data protection policy and related procedures (data protection impact assessment, data subject access request management, personal data breaches management, vendor risk management).
All employees of Ruptela and Data processors have committed themselves to confidentiality through confidentiality agreements and data protection agreements.
Training on personal data protection and information security topics is organized periodically.
Roles and responsibilities are assigned and controlled following approved information security policies. Access to the database is restricted on a need-to-know basis, depending on employees' and processors' roles and responsibilities in the data processing.
Ruptela has designated an official data protection officer (DPO) who is involved in all issues related to the protection of personal data.
All information resources are identified and constantly checked.
Technical:
ACCESS CONTROL: Access to Ruptela internal resources is protected and managed through Active Directory. O365 multi-factor authentication is enabled for all users. Systems other than O365 that contain customer data are accessible only from the internal network by authorized employees with their unique accounts. Access is removed immediately after employee contract termination. An account audit is performed every 6 months to ensure no unauthorized accounts are present.
COMPUTER SECURITY: All computers are antivirus protected, run the MS Win10 OS with all the newest security updates, and are managed through AD. Computers' hard drives are encrypted. A VPN client is enabled for remote working.
ENCRYPTION: Ruptela solutions use SSL/TLS with high-grade encryption algorithms to secure externally facing service endpoints. In addition, Ruptela uses IPSec VPN with high-grade encryption to secure communication between remote sites or service endpoints.
BACKUPS: A backup of the database is performed every 24 hours. The database has a master / slave architecture. Coordinate databases are replicated in three separate locations. At the moment, Ruptela is implementing a new generation backup solution based on Cohesity software using a 3-2-1 (three copies, on 2 different media, and at least one offsite copy) backup strategy. End users cannot delete information on a database level.
LOGGING: Ruptela uses a logging solution that tracks changes performed on virtual machines. System users' actions (logins / logouts, deleting, inputting) are also monitored and can be identified through the users' IP addresses.