...

Resources can be marked for public access. This is never the default option, and it must be done by a user with special permissions on that resource.

...

Onesait Platform can be configured with different authentication mechanisms depending on security requirements:

  • Username and password.
  • Digital certificates: such as the electronic DNI (Spanish national identity document) or others, signed and issued by competent authorities.
  • Two-factor authentication: authentication accompanied by a verification code sent by SMS or e-mail.

...

Communications protection

[mp.com.1] Secure Perimeter

A firewall system shall be provided to separate the internal network from the outside. All traffic must pass through this firewall, which will only allow previously authorized flows to pass through.

...

During the implementation of the Platform, and based on a risk analysis, the set of rules to be implemented in the firewall will be determined.

[mp.com.2] Confidentiality Protection

Where possible, virtual private networks will be used when communication runs through networks outside the security domain itself. Algorithms accredited by the Centro Criptológico Nacional (Spanish National Cryptologic Center) shall be used.

[mp.com.3] Authenticity and Integrity Protection

All communications are protected by SSL certificates or electronic certificates such as DNI (Spanish national identity document).

Information protection

[mp.info.1] Personal data

In accordance with the EU regulation 2016/679 for data protection (GDPR, General Data Protection Regulation), the platform adopts the necessary requirements in software design and development to ensure privacy and personal data protection for the user in any possible scenario. Users will have their personal data secured and protected. They will be able to define restrictions and use information assignments, guaranteeing at all times the rights established in the GDPR.

...

  • Forget my data: The user can delete any information contained in the ontologies that the user owns.
  • Revoke consent: The user can revoke any consent previously granted.
  • View my data: The user can view the data stored in the ontologies that the user owns.
  • Forget me: The user can delete their own profile, removing all the information.

[mp.info.9] Backup copies

The system will take advantage of the facilities and tools provided by the AWS Cloud, specifically snapshots, which back up data at a given point in time and run incrementally, saving storage costs. These snapshots contain the information necessary to restore data to a final volume, producing an exact replica of the original volume. The replicated volumes load the data in the background, so they can be used immediately.

...

Explained in security measure [mp.com.1] Secure Perimeter.

  • System sizing and scaling

...