Security concept for your data
We are frequently asked: What about the security of my data when I opt for Evalanche? And our answer is: Evalanche protects your data at all levels according to the highest standards of security; a consistent and robust security architecture serves as the basis for this. The basis is a consistent security architecture that we have laid around the usage of Evalanche.
After completion of comprehensive software quality audits, Evalanche is now the world’s first e-mail marketing solution to be awarded the certificate from TÜV SOUTH Product Service.
With state-of-the-art technical measures and with a contractual obligation of all employees of SC-Networks depending on their internal function to strict compliance with data secrecy pursuant to Section 5 of the Federal Data Protection Act (BDSG) and the compliance with work instructions, data protection guidelines and procedures relating to IT data security.
The Evalanche ASP Service is thus embedded in a bundle of maximum security and data protection measures in order to guarantee reliable access via the communication channels used.
ISO 27001 for the highest IT security standards
SC-Networks has been certified by TÜV Hessen according to ISO/IEC 27001:2013 in November 2015. SC-Networks can now officially prove the security and quality of its IT systems and business processes to its customers and partners.
The email marketing and lead management software Evalanche has been certified by TÜV Süd since 2011 in the areas of functionality and data security. According to the internationally leading standard for information security management systems the certification guarantees adherence to the highest IT security standards throughout the entire company.
The internal security
- The core of the security architecture of Evalanche are reliable and trustworthy employees who are bound to clear usage regulations for the internal IT and the Evalanche ASP service.
- A correspondingly trained data protection office initiates the documentation of the usage rules and monitors the application and compliance with all rules and measures relating to data protection. He informs and trains employees in data protection issues, in particular IT administrators and employees who come into contact with sensitive data through their work.
- All IT systems of SC-Networks are protected against attacks from outside by firewalls. These security measures are always kept up-to-date.
- Internal company servers are installed in separate and secured server rooms. Only the IT administrators have access to these rooms.
- Data on back-up media are kept in encrypted form and the media in secured form in a safe. Only the company management and the IT administrators have access to the safe.
The all-round protection in the data centre
- Evalanche runs as a fail-proof “software as a service” on server farms in two geographically separate and TÜV-certified high-performance data centres in Germany. Administration access is restricted to IT administrators of SC-Networks GmbH and authorised employees in the data centres.
- The highest standards of security apply in the data centres – multi-stage access controls via security gates with video surveillance prevent the entry of unauthorised persons.
- Seamless video surveillance in the data centre and logging of system access – in order to prevent access-authorised persons from unauthorised access to systems of third parties.
- State-of-the-art technologies to avoid fire with fire detection and fire prevention systems – protective gas extinguishing procedure in order to avoid damage through extinguishing water in the event of fire.
- Evalanche runs on multiple redundant systems – and remains accessible online even if individual systems fail.
- Data are stored on multiple redundant hard discs – with intactness of the data even if individual hard disks fail.
- Communication is done via multiple redundant Internet access points in the high-speed range – EVALANCHE remains accessible even if individual Internet access points fail.
- Reliable communication with 128-bit encryption via Transport Layer Security (TLS) and https – prevent the mining of your session by eavesdropping attacks.
- Redundant uninterrupted power supply (UPS) – even with lengthy power failures at the server site, Evalanche remains accessible via emergency power supply using diesel units.
Permission marketing and certification
- Through our membership of DDV, we are bound with Evalanche by the code of honour for legally compliant permission marketing – we thus distance ourselves explicitly from the dispatching of unwanted advertising by e-mail.
- Evalanche is certified by the Certified Senders Alliance (CSA) and is thus a member of the CSA white list – for high delivery rates during dispatch.
- Through cooperation with the Internet Service Providers (ISPs) and through constant blacklist monitoring, we protect ourselves against mailing blockades.
- Through a continuous comparison of the Robinson List, we prevent the receipt of unwanted advertising via Evalanche.
Your data are given maximum protection at our company
- We use personal details that you provide us with as part of the registration or enquiry solely in order to reply to your enquiry or to set up access for you to protected areas e.g. to the Evalanche account.
- We rule out any other commercial usage. You can revoke the consent you give to your personal details being stored at any time.
- According to the applicable law, we will notify you on request free of charge whether and which personal data are stored with us. We will correct or delete any wrongly stored data pursuant to your request.
- We protect data that you create and process in your Evalanche account reliably against unauthorised access and unauthorised disclosure and against falsification, manipulation, destruction and loss.
- We produce data back-ups on a continuous basis through automatic, time-controlled database back-ups – and store these at various secure sites in protected form against unauthorised access.
- On request, we also produce complete back-ups with free-of-charge sending – for additional security with storage directly with the owner.
- We continually protect the quality of your address data in address acquisition campaigns through the use of a competition agent blocker.
- Security-relevant updates of the software products are installed and activated at a central point. All system users are thus up-to-date at the same time.
Reliable protection against unauthorised access
- The sensitive data used at Evalanche are protected from unauthorised access through comprehensive security precautions at various levels. The basis is a differentiated roles and rights concept with information on what each user is allowed to see and what he or she may do with this information.
- Access to data of the Evalanche server is done by browser via a security architecture anchored in the software to avert unauthorised access. The secured access protocol is https with SSL certificate.
- Using IP masking, access to Evalanche can be limited to authorised networks. On request, we will also configure this restriction in differentiated form and differently for individual users, e.g. for user accounts and administration rights. Even if access data are stolen, unauthorised access externally can thus be reliably prevented.
- All security-relevant activities, e.g. log-in attempts are logged by the system.
- Review of the passwords with regard to the compliance with security-relevant features such as following when setting them up and changing them: Minimum length, use of capitals and small letters, numbers and special characters.
- Passwords are stored in the system in encrypted form – with single-use HASH code key.
- Time-controlled automatic ending of Evalanche sessions in the event of inactivity. The risk of misuse can thus be restricted when an authorised user leaves his or her workplace for a longer period of time and has forgotten to log out of the system. The session data are stored by the system so that a resumption is possible without loss of data.