Archie Europe enforces an authorization policy for the Archie CRM hosting environment, ensuring that employees only have access to the information that is strictly necessary for the performance of their duties.
Authorization policy objectives
The authorization policy provides the framework for access to and use of data, applications and technological infrastructure by means of a package of standards and requirements and related measures.
The purpose of the authorization policy is to safeguard controlled access to and use of data, applications and technological infrastructure in the context of the Archie CRM hosting environment.
Access privileges are registered. Registration of service accounts and other security credentials besides personal logins takes place in a secure database. Only specific employees have access to the secure database, safes (via fingerprint), keys, etc. that are needed to access the cloud servers or client data, or that contain the information needed to do so. Only one specific employee (who may act under the direction of the security/privacy officer) is entitled to assign/create a user ID.
The organization of information security and communication processes within Archie Europe B.V.
Archie Europe B.V. maintains an active information security policy. In addition, Archie Europe B.V. employs a security/privacy officer who encourages security awareness, verifies correct handling of personal data, and takes measures to ensure compliance with the information security policy.
Archie Europe B.V. employees sign a confidentiality agreement. In addition, an “Ethical Code” is in force within the company, which has also been signed by all employees. Under the authorization system, employees do not have access to more data than is strictly necessary for the performance of their duties.
Access to data for which Archie Europe B.V. is responsible is granted solely by the owner of the data in a personal capacity. This also applies to third parties and members of Archie’s hosting team.
Physical security and continuity of resources
Personal data is processed solely in an environment (the Archie CRM hosting environment) that is protected from outside threats to the equipment or location, with physical security measures in place as well as measures to guarantee continuity of service.
Archie CRM hosting is provided through colocation at DCG. Archie hosting is secured by a firewall that regulates all Internet traffic. Physical security of the hardware is provided by DCG. DCG is ISO 27001:2013-certified and has issued a statement of applicability in relation to ISO 27002:2013. Physical access at DCG is possible only for specific Archie Europe B.V. employees, who must sign in, show valid ID and pass biometric security checks. This also applies to any third parties whose services are engaged. The racks have been further secured using combination locks. The codes to these locks are known only to specific designated employees.
To guarantee continuity of service, periodic encrypted backups are made of all data in the Archie hosting environment. These backups are processed in strict confidentiality and stored in a physically and virtually secured environment. Backups are stored off-site. Archie further operates a secure failover installation at a different site.
The AMEE layer (Archie Multi-Tier Environment Engine – interlayer software) protects the Archie database in the SQL server by ensuring that Archie users are never in direct contact with the SQL server through the client software. Communication with the database is handled via a registered SQL user account (username and password as registered within the SQL server environment). Client-server traffic is encrypted according to the AES standard. Web traffic is encrypted by means of an SSL certificate.
Network and server security and maintenance
Stringent security measures are in force to protect the network environment in which the data is stored. Passwords are cryptographically protected, and traffic flows are separated. Measures have also been implemented to guard against attacks and misuse.
The security of the framework in which personal data is stored in the context of the Archie hosting environment is continuously monitored.
The latest (security) patches are installed periodically through a patch management system.
A Pen and Hack test is conducted annually by a specialized agency to ensure the most up-to-date security improvements are implemented.