Initial notes from FotoWare's Data Protection Officer
FotoWare works with clear routines and measures with regard to data security and data storage. We appreciate that customers trust us with their data, and we take seriously the responsibility we have for safeguarding that data and for being open about the way we process it.
When FotoWare made the move to the cloud, we decided to partner with Microsoft. They demonstrate a healthy track record in data security, and their Azure cloud platform has received great acclaim as a secure, versatile development platform. In fact, Microsoft is continually working to implement new security certifications to the point where they're now approved for hosting sensitive government data in some countries.
At FotoWare, the security of our customers' data is a top priority, as you would rightly expect from a SaaS vendor. We think "security first" in everything we do, and we work diligently to improve the way we build our systems for maximum security. Essentially, there are five core areas that have an impact on the overall security of the service we offer:
Choice of platform
Our solutions run on, and data is stored on, the Azure Cloud platform. This is a safe, scalable platform used by cloud software vendors all over the world. It affords us tools to control the location of your data, its replication to avoid data loss and the security mechanisms needed to keep it safe. Indeed, we trust Azure to the point where all our own services run on the same platform.
Developing solutions with security in mind
Everything we make is "privacy by design". We subject our code to automatic testing and user testing, and from time to time we use external parties to scrutinize and evaluate the security of individual parts of our offering and the system as a whole. Their findings are reviewed and ultimately end up on our drawing board if improvements are needed.
Enforcing strong encryption
Encryption is a given these days, and we make sure all the data that moves between clients and servers is encrypted by security tech such as HTTPS and Transport Layer Security. Data is also encrypted when it's committed to storage in the Azure data center - what's commonly referred to as encryption at rest.
Limiting access to trusted personnel only
We limit who can access your data. When you call FotoWare Support to get help, we will ask for your consent before doing anything that affects your data. Technical and organizational safeguards are in place to limit access. When we use third-party suppliers to provide additional services, we assess whether they can provide the appropriate level of security and privacy that we require.
Service Monitoring and automatic incident reporting
Our staff is on guard 24/7 to respond to security incidents, big or small, and our Data Protection Impact Assessment plan is continually updated and revised so we can be prepared for anything that might come.
Should you have additional questions, we'd like to hear from you!
Contact us at privacy(at)fotoware.com
Olav Andreas Frenning, Data Protection Officer at FotoWare
Steps taken by FotoWare to protect your data
The points below summarize what FotoWare is doing to protect your data and deal with some of the questions that often come up with regard to security and GDPR.
FotoWare IT Security
Both management and employees at FotoWare are aware of the risks in this context and take responsibility for their respective roles in IT security:
- The supervisors appointed have clearly defined areas of responsibility, with which all employees are familiar
- The company takes steps to secure data and systems responsibly, irrespective of which platform, environment or country is involved in the storage, processing or copying of these data.
- FotoWare has a system and contingency plans – based on preventative control measures and warning systems combined with vigilant employees – to deal with breaches, viruses, natural disasters (such as fire and water leaks) and hacking
Access to the FotoWare customer database is only granted to authorized users, and must be documented and updated at all times. The systems are checked regularly for risks and vulnerability.
- Approved virus scanning software has been installed on all computers connected to the FotoWare CRM and ERP databases.
- The antivirus software is kept updated at all times
- Backups are taken daily
To log onto the customer database, users need valid credentials, and must comply with the password regulations that apply to all FotoWare employees as set forth in the Data Discipline Declaration, and which they signed as part of their contract of employment.
Data Discipline scheme for FotoWare staff
- All employees have signed a Data Discipline declaration confirming that they understand, accept and undertake to comply with the data discipline regulations.
- All users of FotoWare CRM and ERP systems must sign the data discipline declaration before they are authorized to use these systems. FotoWare's IT staff is responsible for ensuring that employees sign the declaration on being allocated their user profiles. The agreement must also be signed by temporary staff, such as summer substitutes, interns and consultants.
- FotoWare's CEO and CTO are jointly responsible for ensuring that all internal users sign the declaration. Signed declarations are filed.
- FotoWare employees undertake to comply with FotoWare rules for IT security, as defined in the “Data discipline declaration for employees” and general rules and regulations for data security. Employees understand and accept that failure to comply with these rules and regulations may have serious consequences, possibly, depending on the gravity of the failure, resulting in the immediate termination of employment.
Data Backup routines
FotoWare takes daily backups of servers and databases. The process runs automatically, but additional manual backups can be taken as and when required. Backups are taken using Microsoft Azure Recovery Service Vaults.
Disk backups are run automatically every day to allow FotoWare to restore its files, databases and systems more rapidly if necessary.
FotoWare reviews its backup routines annually. These reviews involve quality assurance, checking which data is stored where, and confirming that backups are being made as stipulated. The IT Supervisor is responsible for performing the routine review.
The IT Supervisor also logs the review and ensures that the logs are available for IT staff on an intranet wiki.
Customer data security – Frequently Asked Questions
Where does FotoWare store data?
FotoWare SaaS is currently available in the following Microsoft Azure Regions:
- US East
- EU West
- German Cloud (Deutsche Telekom)
- Australia East
Data will not be moved outside these regions.
Note: Under the General Data Protection Regulation, the EU/EEA is defined as a single zone, which means that a data center within the EU is sufficient to meet the GDPR requirements.
However, German law dictates that certain businesses must host their data in a German data center, in which case data will be stored in the German Cloud exclusively.
How does FotoWare safeguard customer data in its operational systems?
FotoWare stores all data from its operational systems on FotoWare's own servers in the Azure cloud, or on Azure PaaS Services.
More information on Azure security can be found in Microsoft's documentation: https://www.microsoft.com/en-us/trustcenter/security/azure-security
We also use several subprocessors to provide supportive services for our SaaS offering, among other things for email services and for the services used to operate our customer support center. Your rights of access, to erasure and to portability under GDPR are maintained through your contract with FotoWare.
We are also in the process of implementing a DPIA scheme (Data Protection Impact Assessment), which will be reviewed and updated regularly to keep us on top of security matters.
How does FotoWare secure customer and user data in the SaaS offering?
FotoWare SaaS runs on the Microsoft Azure cloud platform. FotoWare SaaS customers who upload data to the tenant can rest assured that the data is encrypted in transit and at rest.
If a customer wishes to assign a custom domain name to the tenant, we will assist in installing a trusted certificate on the server infrastructure for secure, encrypted client-server connections. In addition, data is encrypted on the Azure Cloud when it is committed to storage. When the data is requested, it is decrypted on demand.
Additional information on encryption for data at rest can be found in the Microsoft Azure documentation.
Is data replicated?
Yes, all data that is stored on the Azure cloud is made redundant. The data that you upload to your FotoWare SaaS site is thus replicated in multiple copies to prevent data loss in the event of hardware failure.
Can anyone at FotoWare see my data?
FotoWare support personnel have access to the server infrastructure, and as such can access your data from a technical standpoint. However, FotoWare has strict routines and enforces auditing and logging of access to prevent unauthorized access. In cases where the customer has approved such access, for example in connection with a troubleshooting scenario, explicit consent will be obtained. FotoWare enforces strict access control for both its internal systems and its customers' cloud tenants. We maintain administrative, physical and technical safeguards to protect the security, confidentiality and integrity of our customers' data. They include, but are not limited to, measures for preventing access, use, modification or disclosure of customer data except for the purpose of providing FotoWare's services and preventing or addressing technical problems.
The Data Discipline Declaration signed by all employees states that data must only be used for the purpose for which it was collected, and only for purposes and by users to which the customer/partner has given consent. FotoWare will ensure that access to systems that expose customer data is limited, logged and audited so we can tell who accessed the server, at what time and for what purpose. In the event of infrastructure maintenance, FotoWare will inform all affected customers in advance about the allotted service window by email.
The main takeaway is that we will always ask for consent before accessing your personal data.
What happens to my data if I cancel my FotoWare SaaS subscription?
We would be sorry to see you go, naturally. But we'll do our best to make your data migration as smooth as possible. We will help you move your data to a server of choice. Typically, this involves setting up an FTP connection or other means of transfer. After transferring your data, we will delete the tenant and erase all the data you had on our servers.
Will FotoWare help me delete data when a user wants to be erased?
Yes, and we have an obligation to do so under GDPR. That said, customers can easily retrieve data in the SaaS tenant themselves by searching for, retrieving and deleting content. Typically, one would make sure data fed into the system has sufficient metadata governance to facilitate easy retrieval of the data. This is the very nature of a Digital Asset Management system such as FotoWare. By default, data can only be deleted by archive managers (members of the FotoWeb DAM Managers group). FotoWare can also assist in the retrieval of data by offering guidance on search methods, given that the metadata stored with the assets is sufficient to retrieve them. FotoWare support engineers, who will typically be involved in such an undertaking, will not access your data, modify or delete it without your explicit prior consent.
Typically, though, FotoWare will assist the customer in implementing a metadata governance scheme at the time of deployment of the service, so that customers can themselves perform data retrieval and deletion without requiring the assistance of FotoWare.
What does FotoWare do to prevent a potential data breach?
A data breach is not something software vendors are hoping for, yet we understand the necessity of having clear guidelines on what to do should such a situation arise. Our customers' privacy is paramount to our business. To that end, we are designing all our solutions with privacy in mind - you may have heard of the concept of Privacy by design - so that the impact of a potential data breach can be kept to an absolute minimum. When we design new features, the protection of data privacy is always a central part of the planning and development process.
We are continually working to hone our routines to better cope with the prospect of a data breach.
While we currently have data security assessment routines in place, we are bringing these in line with GDPR by implementing a fully GDPR-compliant Data Protection Impact Assessment (DPIA) scheme to help us stay conscious and alert to areas where we need to improve.