Highest IT Security Standard for maximized Data Security!
For AGNITAS the topics of data protection and data security have top priority. Since the company’s foundation in 1999 we have observed the highest security standards for physical, electronic, and legal data protection measures.
With the implementation of a management system for information security conforming to the ISO 27001 norm, AGNITAS ensures the confidentiality, integrity and availability of information within the sphere of influence of the entire organization. And with full compliance to the regulations of the new EU GDPR, of course!
Your data are only hosted in German data center in Munich.
AGNITAS host data exclusively in German data centers!
Customers of AGNITAS don’t have to worry, that international authorities or secret services can claim for access to their data.
We host all data exclusively in German data centers and the German data protection law applies, which is one of the strongest worldwide. Besides through the ISO certification AGNITAS grants for highest standards in data protection and data security.
Information Security Management System according to ISO 27001
With the certification for ISO standard 27001:2017, the DEKRA granted AGNITAS the highest IT security standard for the whole company. The existing certification has been extended in 2017 by norms ISO 27017:15 for maximum data security in the cloud and ISO 27018:2014 for data protection in the cloud.
The ISO 27001 norm defines the requirements for the manufacture, commissioning, operation, monitoring, maintenance and improvement of a documented information security management system (ISMS), taking into account IT risks within the entire organization.
Excerpt of the most important ISMS processes and procedures:
- Information Security Management Forum for administration and monitoring
- Business Continuity Management for interruption-free business activity
- Security training for all employees
- Comprehensive monitoring systems and checklists for system and database administration
- Special rules for software development to ensure smooth processes
Genereal measures for the protection of your data
Regulations for data security:
- Strict behavioral rules for all employees to ensure that information in the security area is handled correctly and is not modified without authorization
- Strict access rules for all AGNITAS staff and visitors
- Data encryption system and special guidelines on external data exchange
Regulations for data protection:
- Written obligation to confidentiality according to the German Federal Data Protection Act (BDSG) Clauses 5 and 11 for all employees
- Externally operating data protection officer from a recognized law chancellery
- Deposition of the “Data Processing” obligation statement by AGNITAS in accordance with the German Dialog Marketing Association (DDV) directives
- Signing of the “DDV Code of Ethics for e-mail marketing” regarding voluntary self-restriction
Regulations for our data center in Munich:
- Physical access protection
- Electronic access protection
- Legal protection of data
- Prevention measures
Facts about our data center:
Our hardware is located in a trusted high-end data center in Munich, to which we have both physical and electronic access at all times.
- Guaranteed availability of 99.99 %.
- An inert gas fire extinguishing system
- Seven emergency power supply systems with diesel generators
- Redundant air conditioning system
Security rules for e-mail transmission utilizing E-Marketing Manager:
- Extensive and detailed checklists for trouble-free sending of mails
- Preventative measures and emergency plans should EMM-infrastructure be attacked and should database servers and systems fail
- Access protection for data contained in E-Marketing Manager, e.g. 2-way authentication, activity log, log-in-block after three failed login attempts
- Mobile 14-hour standby by AGNITAS (from 8:00 am till 10:00 pm, CET)
- 24-hour onsite standby service in data center
- Software system for monitoring of all critical systems such as servers and DBMS that automatically informs system administrators of failure by phone and email