
IT security concept of INH GmbH

The following measures are taken and regularly evaluated by both INH GmbH (hereinafter referred to as INH) and the data center operator Hetzner to protect the confidential and personal data of the client and its customers:

1. Access control (Entrance / system access control)

Measures from Hetzner

INH only uses server systems from data center operators that have valid certifications and thus implement all technical and organizational measures in accordance with the GDPR. Hetzner relies on extensive measures certified according to various standards to prevent unauthorized access to processing systems. These include, among others:

A) ACCESS CONTROL SYSTEM

Electronic access control for access to the data center and individual security areas. Hetzner uses RFID technology and biometric systems to ensure that only authorized persons are granted access.

B) PROTECTION OF ACCESS CONTROL SYSTEMS

The access control systems and the alarm systems are protected against power failure by UPS and diesel-powered emergency generators. In the event of malfunctions, access can be gained manually by authorized Hetzner employees.

C) SETTING UP SECURITY ZONES

Access to the INH systems is only possible for the group of persons defined by INH (management) and for a restricted group of persons at Hetzner.

D) KEY ISSUANCE

Keys are issued to a limited group of people. Access authorizations are only issued to authorized persons (whitelist), whereby an identity check is carried out using official photo IDs. The handover of keys is documented.

E) KEY CONCEPT

Access is secured by a physical (RFID chip) and a biometric (fingerprint) identification feature. The INH server cabinets have a digital lock.

F) VISITOR RULES

Visitors may only enter the data center when accompanied by authorized personnel or Hetzner employees.

G) RECORDING OF ACCESS

Every use of an ID tag (RFID chip) or biometric system is recorded electronically and logged with time data.

H) INTRUSION ALARM SYSTEM

Hetzner uses an intrusion alarm system whose messages are forwarded independently to the on-call services, which initiate appropriate measures in an emergency.

I) VIDEO MONITORING

Both the outside areas and the security-relevant areas inside the data center are under video surveillance.

J) CLOSED-SHOP OPERATION

The data center premises are used exclusively for data processing and are not accessible to the public.

2. Access, transmission and transport control (Data access / transmission / transport control)

Measures taken by Hetzner and Ayedo Cloud Solutions GmbH

Hetzner guarantees that only authorized persons can access the data released for use. Measures such as encryption and access restrictions ensure that personal data cannot be read, copied, changed or removed without authorization during processing and storage.

Ayedo Cloud Solutions GmbH assists INH GmbH with the support and management of the IT infrastructure, in particular by operating and monitoring the container-based applications (Kubernetes and Docker). Ayedo offers customized cloud solutions and ensures the security and availability of the systems through the following measures:

  • Access control: Ayedo ensures that access rights are only granted to authorized persons. This is done by implementing and managing secure access protocols in coordination with INH GmbH.
  • Security configuration and monitoring: Ayedo manages security protocols, firewalls and VPNs to secure data transmission. Ayedo provides continuous monitoring of the infrastructure and proactive measures to detect and resolve problems.
  • High availability and scalability: Ayedo ensures highly available and scalable cloud services, including load balancing, automated backups and data encryption. These measures guarantee secure and efficient data processing and transmission.

Further measures by INH GmbH and Ayedo Cloud Solutions GmbH at the data center location at Hetzner:

  • Configuration of the application servers with Docker containers with minimal services and automatic releases at short intervals.
  • Use of firewalls, including a geo-blocking concept for whitelisting IP ranges.
  • Patch and security concept for regularly updating systems and closing known security gaps.
  • Server administration only for a restricted group of people via public key authentication.
  • Login / password protection through a state-of-the-art hashing procedure and encrypted HTTPS transmission.
  • Storage of sensitive customer data with strong cryptographic procedures, where the keys are stored separately from the code and database.

3. Reliability, availability and integrity of the IT systems used (Reliability, Integrity, Availability)

Measures from Hetzner

A) UPS (UNINTERRUPTIBLE POWER SUPPLY)

Hetzner uses an uninterruptible power supply (UPS) for continuous operation in the event of a power failure. The UPS systems are designed with N+1 redundancy.

B) EMERGENCY POWER GENERATORS

Emergency power generators cover longer power interruptions. Refueling during operation is possible if necessary. The generator sets are maintained in accordance with the manufacturer’s specifications.

C) FIRE PROTECTION

The data center is divided into several fire compartments. A gas extinguishing system and portable fire extinguishers are available for spot firefighting.

D) FIRE ALARM

Hetzner uses a fire alarm system that activates the gas extinguishing system and alerts the on-call service.

E) AIR CONDITIONING

Hetzner’s data centers are equipped with redundant air conditioning.

F) OBJECT SECURITY IN PARTICULAR OF THE SERVER ROOMS

Customer cabinets and areas in the data center are physically secured by locked cabinets or cordoned-off areas. Access security, video surveillance and security services are in place in accordance with the access controls described.

Measures taken by INH GmbH:

  • Multiple redundant hardware and software design of the application and database servers.
  • Automated monitoring of server systems and services with notification and escalation in the event of a problem.
  • Mirroring of the data on at least three separate server systems.
  • Regular backup rotation.
  • Automated software tests to ensure platform functionality.

4. Order control (data processor control)

Measures from Hetzner

Hetzner shall act exclusively within the framework and scope of INH GmbH’s orders and in accordance with its instructions.

A) CONTROL MEASURES

The control measures are coordinated between INH and Hetzner and integrated into Hetzner’s operating procedures.

B) OBLIGATION OF CONFIDENTIALITY ACC. TO ART. 28 PARA. 3 LIT. B GDPR AND § 88 TKG

All Hetzner employees are committed to data protection, confidentiality and telecommunications secrecy.

C) DATA PROTECTION INSTRUCTIONS

Hetzner has appointed a data protection officer.

D) DATA PROTECTION INSTRUCTIONS

Hetzner employees are regularly trained in data protection issues.

Measures taken by INH GmbH:

  • Order processing management, documentation of the order and processing.
  • Appropriate selection and pre-screening of service providers.
  • Ongoing monitoring of service providers.

5. Organizational control

Measures taken by INH GmbH:

  • Obligation of employees to maintain data secrecy (according to Art. 90 GDPR, § 53 BDSG-new).
  • Organizing events and training courses on the topic of data security.
  • Development and regular revision of safety guidelines/rules of conduct.
  • Regular evaluation and monitoring of the defined processes and measures.

6. External information