| Scroll export button | ||||||||
|---|---|---|---|---|---|---|---|---|
|
| Info |
|---|
This document provides information on built-in security features of the Wildix system, ISO compliance and GDPR. Updated: August 2021 Permalink: https://wildix.atlassian.net/wiki/x/pQvOAQ |
Security is a top priority for Wildix and all the security features are built-in inside the product, which means the Wildix System is Secure By Design and security is not delegated to third party devices.
...
Wildix Cloud services are located in data centers that undergo ISO 27001 and ISO 22301 audits. These data centers share hosted facilities space with the world’s largest Internet companies. The geographic diversity of these locations act as an additional safeguard which minimizes the risk of service interruption due to natural disasters.
Privacy and GDPR Security
Note: Article 4 of the EU General Data Protection Regulation defines data controllers and data processors as below:
(7) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
(8) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Both Wildix and all the System Integrators (Wildix Business Partners) who process data of customers residing in the European Union (regardless of whether the data processing takes place in the EU or not), are Data processors.
...
| Questions | Answers |
|---|---|
What are the information flows within the system and between it and other services? |
|
What are the principle methods of transporting information? |
Note: 80 and 443 ports can be changed. |
Are the data shared with any other third parties? | No. |
What firewalls or network control measures are used to protect thesystem/data? | SIP firewall in PBX and high security by design withpasswords and 2factors protection. Data firewall remains important on remotesite. |
Is the system ISO 27001 compliant? | Yes. See this chapter. |
Access Control
| Questions | Answers |
|---|---|
Which access methods are available to access the system? |
Note: Details can be found in WMS Start Guide. |
What system enforced password settings are active for users?
|
|
What additional measures are in place to secure administrator accounts. (e.g. stronger passwords or crypto keys required to access systems) |
|
Is two-factor auth mandatory? | It can be mandatory, managed by ACL rules. |
How does the system hand out the necessary privileges for users to gain the correct access to information? How does it prevent access to the wrong material? | Admin can limit/ allow access to certain PBX services and features by ACL rules. |
How can unauthorised access be detected? |
|
What logs are kept of successful/ unsuccessful usage attempts? | System logs (including all attempts). |
...