IS Tools is a cloud service for the creation and management of custom database applications. A new IS Tools' customer is allocated an application space and at least one user account with super user access for this application. The super user can then create tables, fields, forms/views, reports and business logic - all relevant parts of the application. Such changes can be performed by the super user throughout the application lifetime.
The General Data Protection Regulation (GDPR), effective from 25 May 2018, governs personal data. In Sweden, Integritetsskyddsmyndigheten is the supervisory authority for GDPR.
IS Tools is the controller for the information related to the user account. IS Tools is also the processor when personal data is managed within the application and a Data Processing Agreement is in place. As a cloud service, IS Tools is in this case comparable with other cloud data storage services. IS Tools has no inherent knowledge of a customer's application content, similar to other suppliers like Dropbox, Google Drive or Microsoft OneDrive.
All users in an application each use a unique user account for application access. The user account is also used for access control to information and functionality within the application, and for traceability. All data created and managed is labeled with the user account issuing the update.
As a consequence, following the introduction of GDPR, user accounts can be erased. The information will remain stored after erasing a user account, but with no trace of the erased user account.
The management of personal information is part of IS Tools' cloud service terms of service. In addition IS Tools will offer Data Processing Agreements for customers where circumstances indicate applicability.
Security – data protection
IS Tools' cloud service incorporates protection for secure and safe use.
The data centers used are certified according to relevant standards with solid physical access controls. Screenings and certifications apply for authorized data center personnel. Physical access is monitored and logged. Redundant storage is used, and automatic routines for backup are employed.
Customer data is stored in a proprietary metadata format in the storage layer of IS Tools, which prevents it from being readable when accessed directly from the storage. Data is assembled when users request information in forms/views or reports.
The routines for IS Tools' personnel are designed to avoid accessing readable customer data, and to manage files only for backup purposes.
The system is safeguarded by firewalls that only allow access through certain ports and protocols. Port scanning is prohibited and every case is investigated by our suppliers. On port scan detection the source is blacklisted and access is blocked.
Vulnerability analysis and penetration tests are performed by third party specialists.
Functions for automatic removal of data are available.
- Closed applications are erased periodically.
- Backups are kept a limited time and are then overwritten.
- Logs and temporary data have a limited retention, and are automatically erased afterwards.
IS Tools servers are connected to the Internet, and are protected by firewalls that limit incoming connections to those used by the application or supporting functionality.
IS Tools limits privileged access to information on servers with customer information to full-time staff within operations and support. Network layer controls ensure that such access is only possible through an encrypted tunnel.
The password complexity is configurable with several parameters such as minimum length and requirements on the types of characters. User accounts can be set to expire at a certain date. The number of failed login attempts allowed per time period is configurable. No passwords are logged or stored in plain text; a one-way hash is stored instead. Login information is always encrypted with TLS/SSL. Encrypted data storage (encryption at rest) is available as an option.
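The password controls listed above (configurable complexity, account expiry, a limit on failed logins per time period, and storing only a one-way hash) fit together in a small model. The following is an added illustration written for this page, not code from IS Tools; the class and parameter names, the PBKDF2 work factor and the lockout window are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import re
import time
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class PasswordPolicy:
    """Configurable complexity rules (hypothetical names, mirroring the parameters listed above)."""
    min_length: int = 12
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_symbol: bool = True

    def violations(self, password: str) -> List[str]:
        problems = []
        if len(password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        checks = [
            (self.require_upper, r"[A-Z]", "no uppercase letter"),
            (self.require_lower, r"[a-z]", "no lowercase letter"),
            (self.require_digit, r"[0-9]", "no digit"),
            (self.require_symbol, r"[^A-Za-z0-9]", "no symbol"),
        ]
        for required, pattern, message in checks:
            if required and not re.search(pattern, password):
                problems.append(message)
        return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only these two values are stored; the password itself never is."""
    salt = salt if salt is not None else os.urandom(16)
    # PBKDF2-HMAC-SHA256 with 200k iterations: an assumed work factor for the example.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


@dataclass
class Account:
    username: str
    salt: bytes
    digest: bytes
    expires_at: Optional[float] = None                 # Unix time; None means no expiry
    failed_attempts: List[float] = field(default_factory=list)


class Authenticator:
    """Locks an account once max_failures failed logins fall within window_seconds."""

    def __init__(self, max_failures: int = 5, window_seconds: float = 300):
        self.max_failures = max_failures
        self.window_seconds = window_seconds

    def login(self, account: Account, password: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        if account.expires_at is not None and now >= account.expires_at:
            return "expired"
        # Keep only failures inside the configured window, then apply the limit.
        account.failed_attempts = [t for t in account.failed_attempts
                                   if now - t < self.window_seconds]
        if len(account.failed_attempts) >= self.max_failures:
            return "locked"
        if verify_password(password, account.salt, account.digest):
            account.failed_attempts.clear()
            return "ok"
        account.failed_attempts.append(now)   # record the time only, never the password
        return "denied"


def create_account(username: str, password: str, policy: PasswordPolicy,
                   expires_at: Optional[float] = None) -> Account:
    """Enforce the policy at creation time and store only salt + digest."""
    problems = policy.violations(password)
    if problems:
        raise ValueError("password policy: " + ", ".join(problems))
    salt, digest = hash_password(password)
    return Account(username, salt, digest, expires_at)
```

The lockout is deliberately time-windowed rather than permanent, so a forgotten password does not require an administrator to unlock the account, while a sustained guessing attempt is stopped after `max_failures` tries within the window. A correct login clears the failure counter; an expired account is refused before the password is even checked.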
Security - limiting access to information
Limited access to personally identifiable information
IS Tools' customers can manage their own users' access to personally identifiable information (PII).
The design of the role-based access framework in IS Tools makes it possible to comply with the GDPR requirement to limit access to PII.
Within the application using the role-based access framework, the administrator can create roles for accessing information, forms/views and reports/imports. Any role can be assigned to a user of the application.
For example, a role named PII can be created for this purpose. In IS Tools it is always possible to see which users have a particular role assigned.
For more information, please see GDPR - Guide.
A user is authenticated with the username and password for the user account. The complexity of the password is configurable within the password policy together with a set of other parameters.
Multi-Factor Authentication (MFA) with SMS is available as an option. With this enabled, a text message with a code is sent to the user account's phone number, and the user must enter the code in order to log in.
Another option is to use the customer's Identity Provider (IdP) with SAML integration, and thereby enable Single Sign-On (SSO) and the customer's own MFA.
GDPR requirements and compliance within IS Tools
Encryption of storage
Applications using sensitive information should be encrypted. Encryption of storage (encryption at rest) is available for IS Tools as an option, which comes at a cost (dependent on the third-party provider) but is simple to implement. Adding encryption to the storage does not require any change to the cloud service; it is only an add-on in the storage layer.
IS Tools logs changes for traceability. Logging of changes to data, such as the creation of a new record, updated fields and removed records, can be activated by an application administrator. It is then possible to filter changes by table, field, range, user and form. The change log holds data for a configurable number of days. Unlike the read log, this log does not record information access.
To be able to trace access to sensitive data (for instance personally identifiable information), fields can be labeled for the read log. This labeling creates a log trace whenever the field is included in a form or in a report. It also creates a log trace if the field is accessed through the API.
In the corresponding administration interface it is possible to view when, by whom and where a labeled field was accessed or read.
Log Changes to Access Control
All access changes to roles and role memberships are logged.
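The mechanisms described in this section (a role such as PII that gates field access, a change log filterable by table, field and user with a retention period, a read log written only for labeled fields whether they are reached through a form, a report or the API, and a log of all role and membership changes) can be modelled together in a few dozen lines. The code below is an added example written for this page, not IS Tools' own implementation; the `Application` class, its method names and the default retention periods are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

DAY = 86400.0


@dataclass
class LogEntry:
    ts: float              # Unix time of the event
    user: str              # account that performed the action
    action: str            # read / create / update / delete / grant / assign
    table: str
    field: Optional[str]
    channel: str = ""      # form / report / api for reads; role info for access changes


class Application:
    """Toy model of an application space: roles, PII-labeled fields and three logs (assumed design)."""

    def __init__(self, change_log_days: int = 90, read_log_days: int = 365):
        self.change_log_days = change_log_days
        self.read_log_days = read_log_days
        self.pii_fields: Set[str] = set()                   # "table.field" labeled for the read log
        self.role_fields: Dict[str, Set[str]] = {}          # role -> readable "table.field"
        self.user_roles: Dict[str, Set[str]] = {}           # user -> assigned roles
        self.records: Dict[str, Dict[int, Dict[str, str]]] = {}
        self.change_log: List[LogEntry] = []
        self.read_log: List[LogEntry] = []
        self.access_log: List[LogEntry] = []                # every role / membership change

    def label_pii(self, table: str, field: str) -> None:
        self.pii_fields.add(f"{table}.{field}")

    def grant(self, admin: str, role: str, table: str, field: str, now: float) -> None:
        self.role_fields.setdefault(role, set()).add(f"{table}.{field}")
        self.access_log.append(LogEntry(now, admin, "grant", table, field, channel=role))

    def assign_role(self, admin: str, user: str, role: str, now: float) -> None:
        self.user_roles.setdefault(user, set()).add(role)
        self.access_log.append(LogEntry(now, admin, "assign", "", None, channel=f"{user}:{role}"))

    def users_with_role(self, role: str) -> Set[str]:
        return {u for u, roles in self.user_roles.items() if role in roles}

    def can_read(self, user: str, table: str, field: str) -> bool:
        key = f"{table}.{field}"
        return any(key in self.role_fields.get(r, set()) for r in self.user_roles.get(user, set()))

    def read(self, user: str, table: str, record_id: int, fields: List[str],
             channel: str, now: float) -> Dict[str, Optional[str]]:
        """Deny the whole request if any field is not permitted; trace reads of labeled fields."""
        denied = [f for f in fields if not self.can_read(user, table, f)]
        if denied:
            raise PermissionError(f"{user} may not read {table}.{denied[0]}")
        record = self.records.get(table, {}).get(record_id, {})
        for f in fields:
            if f"{table}.{f}" in self.pii_fields:      # only labeled fields leave a read trace
                self.read_log.append(LogEntry(now, user, "read", table, f, channel))
        return {f: record.get(f) for f in fields}

    def update(self, user: str, table: str, record_id: int, values: Dict[str, str], now: float) -> None:
        rows = self.records.setdefault(table, {})
        action = "update" if record_id in rows else "create"
        rows.setdefault(record_id, {}).update(values)
        for f in values:                                   # one change entry per field touched
            self.change_log.append(LogEntry(now, user, action, table, f))

    def delete(self, user: str, table: str, record_id: int, now: float) -> None:
        self.records.get(table, {}).pop(record_id, None)
        self.change_log.append(LogEntry(now, user, "delete", table, None))

    def filter_changes(self, table: Optional[str] = None, field: Optional[str] = None,
                       user: Optional[str] = None) -> List[LogEntry]:
        return [e for e in self.change_log
                if (table is None or e.table == table)
                and (field is None or e.field == field)
                and (user is None or e.user == user)]

    def purge_expired(self, now: float) -> None:
        """Apply the configured retention to the change log and the read log."""
        self.change_log = [e for e in self.change_log if now - e.ts < self.change_log_days * DAY]
        self.read_log = [e for e in self.read_log if now - e.ts < self.read_log_days * DAY]
```

Two design points are worth noting. The read log records the channel (form, report or API) so that the administration view can answer "where" as well as "when" and "by whom", and it is only written for labeled fields, which keeps the log proportionate to the sensitivity of the data. The access log is separate from both other logs and is never purged by `purge_expired`, because a change to who may see PII is the kind of record an auditor asks for long after the data itself has aged out.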
Automatic removal of PII
It is possible to make use of the configurable business logic to automatically notify administrators about labeled information that has been unused for some time, and that may therefore be subject to removal.
Customers storing PII may have to provide a possibility for authorities to read log traces of PII. This can be achieved by:
- Exporting the Read Log.
- Creation of a temporary user account with access to the Read Log within the application.
Data Subject's Rights
Data Subjects' rights can be met by:
- Creation of a temporary user account with access only to the information on the Data Subject.
- Preparation of a report template including PII, using the Data Subject as a parameter.
Avoiding Unvalidated Text Input
To minimize the risk of inserting PII by mistake, it is possible to use the validation framework with pattern matching or other conditions.
IS Tools' customers manage their own applications, and can create relevant validations surrounding their information.
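As an illustration of the kind of validation a customer might configure on a free-text field, the following is an added example written for this page, not part of the IS Tools validation framework. It rejects text that contains something shaped like a Swedish personal identity number (candidates are only reported when both the date part and the Luhn check digit are plausible, which keeps false positives down) or an e-mail address. The regular expressions, the function names and the sample values are assumptions; 900101-1239 is a constructed number that merely satisfies the checksum.

```python
import re
from typing import List, Tuple

# Candidate personal identity number: YYMMDD-NNNC, optional century, optional separator.
PNR_RE = re.compile(r"\b(?:\d{2})?(\d{2})(\d{2})(\d{2})[-+]?(\d{4})\b")
# Deliberately simple e-mail pattern; enough for a free-text guard, not a full RFC parser.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum as used for the ten-digit form of a Swedish personal identity number."""
    total = 0
    for i, ch in enumerate(digits):
        n = int(ch)
        if i % 2 == 0:          # positions 1, 3, 5, ... are doubled
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def find_pii(text: str) -> List[Tuple[str, str]]:
    """Return (kind, matched_text) pairs for likely PII found in free text."""
    findings = []
    for m in PNR_RE.finditer(text):
        yy, mm, dd, tail = m.groups()
        plausible_date = 1 <= int(mm) <= 12 and 1 <= int(dd) <= 31
        if plausible_date and luhn_ok(yy + mm + dd + tail):
            findings.append(("personal_identity_number", m.group(0)))
    for m in EMAIL_RE.finditer(text):
        findings.append(("email", m.group(0)))
    return findings


def validate_free_text(text: str) -> List[str]:
    """Validation rule for a free-text field: an empty list means the value may be saved."""
    return [f"free-text field must not contain a {kind}: {value}"
            for kind, value in find_pii(text)]
```

The checksum step matters in practice: without it, any ten-digit number such as an order reference would trigger the rule, and users quickly learn to ignore a validator that cries wolf. A real deployment would pair a rule like this with a dedicated, access-controlled field for the identity number so that legitimate data has somewhere to go.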
Configuration of Applications with PII - Recommendations
IS Tools has produced recommendations surrounding management of applications with PII, from a maintenance and ease-of-use perspective.