Get Your Free RADAR Demo
Security
GET Information Technology GmbH (also "GET IT," "we," "us," and "our"), the developer of RADAR, strives to provide a safe and reliable service to all users.
In our ongoing commitment to security and following industry best practices, we have adopted a range of measures to help safeguard the confidentiality and integrity of data our clients have entrusted to us and we consistently do everything in our powers to protect personal and business data stored on our site against unauthorized access, alteration, disclosure, or destruction.
Below is a general overview of the main security features that help our clients feel confident in our service.
Flexible deployment
Separate environments
Security testing
Multi-tenant architecture
Each client account has a dedicated database instance that is physically and logically separated from the rest, ensuring no visibility to other tenants and preventing data corruption and intersections between different client accounts.
Authentication
Role-based access permissions
To protect against insider threats, users with owner and admin rights are provided with fine-grained role-based access control mechanisms helping to ensure that other users can only view and edit the data they are allowed to on an individual level.
Data encryption
All data sent between users and the RADAR application is encrypted in transit over public networks via HTTPS using Transport Layer Security (TLS). This also applies to all login pages.
Data backup and redundancy
GDPR compliance
As a company that serves users in the European Union, we are fully compliant with the General Data Protection Regulation (GDPR), which essentially allows all our clients to benefit from the high data privacy standards. For more information on our privacy practices, please see our Privacy Policy.
- Cloud: The RADAR system is hosted on a physically isolated server at a Tier III and ISO 27001 certified data center operated by STRATO AG. The employed facilities are located in a secure and secret location in Germany with 24/7 monitoring and physical access control.
- On-premise: RADAR can be securely deployed on a client's in-house server infrastructure, allowing to comply with established corporate security standards and policies.
Separate environments
- Application development, testing and staging environments are physically and logically segregated from the production environment, ensuring that no actual user data is used in the development or testing.
- Production environment is accessible to a strictly limited number of authorized DevOps engineers. RADAR support and maintenance teams can only access user account data upon a specific client request.
Security testing
- Our internal quality assurance department continuously performs both static and dynamic analysis to review and test the RADAR code base for bugs and security vulnerabilities.
- Targeted application-level and infrastructure-level penetration tests and audits are regularly conducted by third-party security experts.
Multi-tenant architecture
Each client account has a dedicated database instance that is physically and logically separated from the rest, ensuring no visibility to other tenants and preventing data corruption and intersections between different client accounts.
Authentication
- RADAR is protected against brute force login attacks and operates a strict credential policy that requires users to employ strong and original passwords.
- All user passwords are processed using hash functions and stored in non-human-readable format.
- Every account login attempt is recorded in a detailed access log to detect signs of suspicious activity and prevent intrusion.
Role-based access permissions
To protect against insider threats, users with owner and admin rights are provided with fine-grained role-based access control mechanisms helping to ensure that other users can only view and edit the data they are allowed to on an individual level.
Data encryption
All data sent between users and the RADAR application is encrypted in transit over public networks via HTTPS using Transport Layer Security (TLS). This also applies to all login pages.
Data backup and redundancy
- Account data is fully backed up daily, following a strict backup regime.
- To avoid a single point of failure, the employed data center facilities have multiple levels of redundancy built in, including a fault-tolerant power supply, modern fire protection, detection and suppression systems, and independently dual-powered cooling equipment.
GDPR compliance
As a company that serves users in the European Union, we are fully compliant with the General Data Protection Regulation (GDPR), which essentially allows all our clients to benefit from the high data privacy standards. For more information on our privacy practices, please see our Privacy Policy.
© 2019 GET Information Technology GmbH
For more information, please contact us at:
