Data Security

Revised Date: 16th Apr 2019 | Version 1.0

Data Security - FullSail Systems UG (haftungsbeschränkt)

Physical Security
Our FullSail Systems (“FSS”) datacenters are co-located in some of the most respected datacenter facility providers in the world. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by these datacenter facilities includes but is not limited to:

• 24/7 Physical security guard services
• Physical entry restrictions to the property and the facility
• Physical entry restrictions to our co-located datacenter within the facility
• Full CCTV coverage externally and internally for the facility
• Biometric readers with two-factor authentication
• Facilities are unmarked as to not draw attention from the outside
• Battery and generator backup
• Generator fuel carrier redundancy
• Secure loading zones for delivery of equipment

Infrastructure Security
FullSail Systems infrastructure providers are secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function utilizing the principle of least privilege. All access to the ingress points are closely monitored, and are subject to stringent change control mechanisms.

Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. FSS infrastructure providers consider any system which houses customer data that FSS collects, or systems which house the data customers store with FSS to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.

Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.

Access Logging
Systems controlling the management network at FSS hired premises log to a centralized logging environment to allow for performance and security monitoring. The logging includes system actions as well as the logins and commands issued by the system administrators.

Security Monitoring
Our infrastructure providers run security teams utilizing monitoring and analytics capabilities to identify potentially malicious activity within the infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following a professional incident reporting and response procedure.

Datacenter Colocation Attestations and Certifications
All of our leased datacenters are independently audited and/or certified by various internationally-recognized attestation and certification compliance standards. Many of the SOC reports and certifications listed below are available if a signed NDA is in place between FullSail Systems and our customer.

Below is the list of our leased datacenters and the associated most commonly requested attestations / certifications. To request a NDA for a SOC report / certificate listed below, or if you have any other compliance related questions please contact our Customer Support team here.