SECURITY
WITH US YOUR DATA IS SECURED
What does this mean to you?
- Availability 24/7
- High performance through fast connection and modern servers
- Guaranteed system availability even with malfunctioning hardware
- Guaranteed system availability even if 2 out of 3 redundant Internet connections malfunction
- 128-bit SSL encryption of all communication
- Physical and logical protection of candidate data
- Compliance with German and European data protection rules
- No data transfer to any third parties
Below we describe how your data is protected and how the technology is optimized for performance, at the level of abstraction that security considerations require. On request, we are happy to discuss details in a personal conversation.
Privacy
For HR Diagnostics, compliance with data protection regulations has the highest priority. Beyond the legal data protection regulations, we also consider the recommendations of recognized bodies of voluntary self-regulation in the field of data protection and IT security.
HR Diagnostics collects personal information only with the consent of the persons concerned and only for the intended use. Other data is stored by HR Diagnostics in the form of the usual connection information that web servers normally store. As a rule, this data does not allow conclusions to be drawn about the users. Any further processing or analysis of this data is passed on only in anonymous form.
The transmission of data to third parties is not permitted.
Data security
The cornerstone of the security concept is the location of the server cluster in one of the most modern and energy-efficient data centers, which provides optimum conditions in terms of safety and availability, including:
Access controls
- Multi-level security concepts to protect the system against unauthorized access and other security risks
- ID card access system
- Site-specific access restrictions
- Video surveillance of outside and inside sections
Air conditioning and climate monitoring
- Air conditioned site with redundant power supply and emergency generator
- Air conditioning of room, cabinets and racks with double floor
Fire protection
- Dual, independent fire detection systems, indoor air inspection using laser detectors
- Nitrogen fire-fighting system to prevent hardware water damage
Power supply
- Uninterruptible power supply
- Emergency power supply secured by independent external units; long-lasting battery buffers for the bridging time
Firewalls
- Servers within the DMZ can be accessed from the Internet over HTTP and HTTPS; the DMZ is secured on both sides by high-capacity firewalls
- Servers within the intranet are not directly accessible from the Internet
Server
- Modern multiprocessor systems running Linux at the current patch level as application and web servers
- Operation of the database server on Windows 64-bit servers with Microsoft SQL Server
- Web server running Apache 2; application server running Apache Tomcat and Java EE
Backups
- Backup of web applications on NAS
- Full database backups on NAS
- Backup intervals structured according to service level and periods
Redundancy
- With a high number of transactions, the application servers can be operated as a cluster via a dispatcher / reverse proxy. Additional application servers can be activated during operation.
- Use of failsafe servers for databases
