In order to comply to privacy regulations like the General Data Protection Regulation (GDPR), we strongly advise you (despite being controllers or processor) to implement appropriate technical and organizational measures (TOMs, Art. 32 GDPR).

Technical and organizational measures may include, but are not limited to, functions, processes, controls, systems, procedures, and measures that organizations implement to promote secure processing and storage of personal data, avoid data breaches, and facilitate compliance with relevant data protection obligations.

Depending on the size of your organization and the processing activities undertaken, there are a broad range of technical and organizational measures that you can undertake. For example, the Federal Office for Information Security suggests utilizing established frameworks such as ISO/IEC 27001 based on IT-Grundschutz.

Specific Measures

To use our product securely and in compliance with privacy regulations like GDPR, we recommend implementing the following measures. This is not a complete plan and the following represents an example that should be best adapted to your needs and situation:

Configure HTTPS for the API

If you intend to expose the brighter Redact API beyond your local trusted network make sure to use HTTPS. In order to achieve this we recommend using industry standard web server solutions such as nginx or caddy. SSL certificates can be acquired from a variety of certificate authorities, e.g. Let's Encrypt. By applying this best practice you can ensure that your data is always encrypted when in transit.

Encrypt drives where container is mounted

Beyond encryption at transit as mentioned in the previous section it is also important to encrypt the data at rest. We recommend to use some form of full disk encryption(FDE) on any system which handles sensitive data. The exact tooling to achieve this vary heavily depending on your operating system and hardware capabilities. A good starting point for Linux-based systems is dm-crypt as it is part of the Linux kernel and as such widely supported without any effort.

Create and test a backup strategy

Ensure that backups are continuously and frequently made and regularly checked for successful recovery. These backups also need to fulfill the requirement of encryption in while in transit to the remote location and at rest when stored.

General Measures

In addition to these measures standard security measures for data and technology should be undertaken. The standard today for an effective and comprehensive security plan is organized around the three main pillars of security often referred to as the CIA triad, namely:

Confidentiality, i.e Data is not able to be read or taken by others
Integrity, e.g. You know what data you have and that it is correct
Availability: e.g. Your data and systems are available to be used while also being secure

In this regard we recommend at minimum the enactment of the following measures. This is not a complete plan and the following represents an example that should be adapted to your needs and situation:

1. Confidentiality (Article 32 Paragraph 1 Point b GDPR)

1.1. Physical Access Control

No unauthorised access to Data Processing Facilities, e.g.: magnetic or chip cards, keys, electronic door openers, facility security services and/or entrance security staff, alarm systems, video/CCTV Systems
- Definition of authorized persons
- Documentation of the issuing and return of cards/keys
- Documented procedure in the event a card/key is reported missing
- Manual locking system
- Security locks
- Electronic access control
- Alarm system
- Construction measures (burglar-proof windows)
- Issuing of badges (access control ID passes)
- Protection of IT and network equipment against unauthorized access
- Reception to check persons' IDs
- Security services employed outside working times
- Video surveillance of entrances
- Written regulations on access control
- Security concept for data centers/server rooms

1.2. Electronic Access Control

No unauthorised use of the Data Processing and Data Storage Systems, e.g.: (secure) passwords, automatic blocking/locking mechanisms, two-factor authentication, encryption of data carriers/storage media - Server and SAN/NAS are hosted in server rooms or data center areas which fulfil the ISO 27001 requirements - Individual user name and password
- Password regulation for users
- Regular prompts to change password
- Account disabled after incorrect attempts at access
- Close accounts of employees who have left the company incl. documentation
- Automatically block workstations after 15 minutes / Clear screen policy
- 2 factor authentication
- Authentication by means of smart card/security token/dongle/certificate
- WLAN secured against unauthorized access
- Regular check of existing access authorizations

1.3. Internal Access Control

Permissions for user rights of access to and amendment of data) No unauthorized Reading, Copying, Changes or Deletions of Data within the system, e.g. rights authorization concept, need-based rights of access, logging of system access events
- BIOS password and boot sequence definition
- Access restrictions to network limits
- Configure authorization concept and assign by roles
- Implementation of the need-to-know principle
- Logging of access (log protocols)
- Analyze log files for irregularities (for example SIEM)
- Logging of file access
- Logging of database access
- Logging of data access or transfer
- Reporting of all automatically detected attempts at misuse (for example SIEM)
- Definition and documentation of authorized persons
- Written documentation of authorization rights
- Regular check of existing authorizations
- Restriction of the person subgroup assigned with transfer authorization rights
- Regular check of log data

1.4. Isolation Control

The isolated Processing of Data, which is collected for differing purposes, e.g. multiple Client support, sandboxing; - Network segmentation depending on level of protection required
- Separation of functions by multi-client enabled systems
- Physical separation of data
- Separation of development, testing, and live systems
- Sandboxing
- Data records with function attributes
- Documented legal basis if data is not separated

1.5. Pseudonymisation (Article 32 Paragraph 1 Point a GDPR; Article 25 Paragraph 1 GDPR)

The processing of personal data in such a method/way, that the data cannot be associated with a specific Data Subject without the assistance of additional Information, provided that this additional information is stored separately, and is subject to appropriate technical and organisational measures.
- Pseudonymisation of personal identifiable data

2. Integrity (Article 32 Paragraph 1 Point b GDPR)

2.1. Data Transfer Control

No unauthorized Reading, Copying, Changes or Deletions of Data with electronic transfer or transport, e.g.: Encryption, Virtual Private Networks (VPN), electronic signature;
- Encryption of laptops
- Encryption of other removable media (USB, etc.)
- Safe transmission of sent data (e.g. SFTP, VPN, TLS, SSL, PGP, S/MIME)
- Use of electronic signatures
- Central management of keys for encrypted systems
- Security directives on handling confidential data (for example health data)
- Secure storage of removable media (CD, DVD, pen drive)
- Deletion and destruction of data storage media according to DIN 32757
- Legal basis verified before documents are distributed to third parties
- Documentation on the distribution to third countries
- Secure transport of removable media (for example backup, tapes)
- Encryption of data transmissions (removable media)

2.2. Data Entry Control

Verification, whether and by whom personal data is entered into a Data Processing System, is changed or deleted, e.g.: Logging, Document Management
- Logging input of personal data
- Regularly check log data
- Integrity and authentication check

3. Availability and Resilience (Article 32 Paragraph 1 Point b GDPR)

3.1. Availability Control

Prevention of accidental or willful destruction or loss, e.g.: Backup Strategy (online/offline; on-site/off-site), Uninterruptible Power Supply (UPS), virus protection, firewall, reporting procedures and contingency planning; Rapid Recovery (Article 32 Paragraph 1 Point c GDPR) (Article 32 Paragraph 1 Point c GDPR);
- Operation and regular inspection of UPS, emergency power, over-voltage protection
- Use of virus scanners
- Use of firewalls
- Monitoring of operating parameters in data centers/server rooms
- Fire/smoke alarm installation
- Alarm system for data centers/server rooms
- Use of penetration tests
- Data security concept with regular backups
- Regularly check the status and labeling of storage medias and data backups
- Offsite archive of removable backup media
- Regular testing of restore methods
- Ability to restore in a timely manner
- Operation and testing of emergency plans

4. Procedures for regular testing, assessment and evaluation (Article 32 Paragraph 1 Point d GDPR; Article 25 Paragraph 1 GDPR)

4.1. Data Protection Management

4.2. Incident Response Management

 - Creation of incident response plans 
     - Periodic dry runs and updating of incident response plans

4.3. Data Protection by Design and Default (Article 25 Paragraph 2 GDPR)

 -Data privacy friendly pre-settings 
 -Data privacy taken into account during designing of new software

4.4. Order or Contract Control

No third party data processing as per Article 28 GDPR without corresponding instructions from the Client, e.g.: clear and unambiguous contractual arrangements, formalized Order Management, strict controls on the selection of the Service Provider, duty of pre-evaluation, supervisory follow-up checks.
- Contractual regulations in compliance with Article 28 Paragraph 3 GDPR (Processing by a processor) - Contractual
regulations in compliance with EU standard contractual clauses
- Strict controls on the Selection of contractors, especially in terms of their carefulness and reliability (particularly regarding
data security) and in compliance with regulations
- Data confidentiality obligation of employees at the contractors
- Documented formalized contract management
- Ensure that personal data is destroyed after contract completion