Yes, that is a part of ISO 27018. However, please bear in mind that some data might transit out of the EU, e.g. when sending e-mails, text messages or push notifications. For that very reason we will never send Personal Information or Health Information through these channels.
Microsoft Azure using their European data centers.
We are a small development team, so segregation of duties can be difficult. However, we ensure that code entering production is peer-reviewed by at least one other member of the development team. Also, only our CTO has the privilege to release to our production environment.
https://wlbpubliccontent.blob.core.windows.net/public/E-bog%20dokumenter/WLB%20-%20Informationssikkerhedspolitik.pdf
All accounts accessing our Azure tenant require 2FA through Azure AD. Database: We use Azure SQL Server instances which have all been set up with SQL Server Audit, Azure SQL Threat Detection and IP restrictions. Web servers: Only accept HTTPS, checked weekly by Detectify and in real time by Azure Security Center.
https://www.microsoft.com/en-us/TrustCenter/Compliance/iso-iec-27018
We are designing our system around GDPR and we will comply and disclose data categories before May 2017, but we are not ready to disclose that information yet.
Azure SQL Database transparent data encryption (TDE) helps protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application. TDE encrypts the storage of an entire database by using a symmetric key called the database encryption key. In SQL Database the database encryption key is protected by a built-in server certificate. The built-in server certificate is unique for each SQL Database server. If a database is in a GeoDR relationship, it is protected by a different key on each server. If
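The two database controls claimed above (TDE, and IP restrictions on the Azure SQL server) can be verified from inside the database rather than taken on trust. The T-SQL below is an added example, not part of the questionnaire answers or of Microsoft's documentation; it assumes a login that can read sys.databases, sys.dm_database_encryption_keys and sys.firewall_rules, and the database name wlb_prod is a placeholder. 2FA, SQL Server Audit and the HTTPS-only web tier are configured outside T-SQL and are not checked here.

```sql
-- Added example (not the vendor's or Microsoft's code). Assumes an Azure SQL
-- Database login with rights to read the catalog views and DMVs used below.

-- 1. Is TDE actually on for this database, and what protects the DEK?
--    encryption_state: 2 = encryption in progress, 3 = encrypted.
--    encryptor_type CERTIFICATE = the built-in server certificate described
--    above; ASYMMETRIC KEY = a customer-managed key in Key Vault.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       encryptor_type,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;

-- 2. The same flag from the catalog; an unencrypted database shows is_encrypted = 0.
SELECT name, is_encrypted
FROM sys.databases;

-- 3. Turn TDE on where it is off (wlb_prod is a placeholder name).
ALTER DATABASE [wlb_prod] SET ENCRYPTION ON;

-- 4. Server-level IP restrictions (run in master). A rule covering
--    0.0.0.0 to 255.255.255.255 allows every address and defeats the control;
--    the special rule 0.0.0.0 to 0.0.0.0 allows all Azure services, which is
--    broader than "our IPs only" and should be reviewed too.
SELECT name, start_ip_address, end_ip_address
FROM sys.firewall_rules
WHERE (start_ip_address = '0.0.0.0' AND end_ip_address = '255.255.255.255')
   OR (start_ip_address = '0.0.0.0' AND end_ip_address = '0.0.0.0');

-- 5. Database-level rules (run in the user database) are checked in addition
--    to the server-level ones; review both lists for unexpected ranges.
SELECT name, start_ip_address, end_ip_address
FROM sys.database_firewall_rules;
```

Queries 1, 2 and 5 run in the user database; query 4 must be run while connected to master. Empty results from query 4 and a short, recognisable list from query 5 are what "IP restrictions" should look like; a database whose encryption_state is not 3 is not protected by TDE regardless of what the server setting says.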