SB.14.002 Testing Data
No production information is exposed or reused in environments other than acceptance testing. This includes production data (not even in pseudonymised form), API keys, credentials and production server hostnames.
SB.9.002 Account lock-out
After a period of 45 days of inactivity or at the end date of a formal relation with the organisation for which the account was provided, accounts are automatically blocked. After 90 days the account is deleted or stripped of all authorisations. Unblocking accounts follows the same approval process for requesting access as Joiner/Mover situations.
SB.6.012 Retention periods
How long data is retained and available is identified and recorded and adheres to the minimum legal or business requirements. After this period, data is deleted and unrecoverable. This includes sensitive data stored on hardcopy which needs to be properly shredded and destroyed.
SB.6.008 Organizational Data Deletion
After the retention period or when the data medium is decommissioned, lost or repurposed, organisation data is deleted. End users receive sufficient warning before data is deleted.
SB.6.006 Data Exfiltration Detection and Prevention
There are measures to prevent users from downloading entire datasets. Additionally, or if these measures cannot be implemented, alerting and monitoring for users downloading large amounts of information from the service is in place.
SB.6.001 Authorized data distribution
The process owner explicitly authorises distribution of confidential information to any recipient, internal or external to the organisation. For all non-incidental data transfers, the authorisation is documented and reviewed yearly. The authorisation includes which data can be shared, which persons/systems are authorised and under what conditions. Data can only be moved to hardcopy with the express permission of the data owner. Information Security policy and controls apply equally to hardcopy data.
SB.5.001 Encrypted data storage
Data at rest is always stored encrypted. The organisation is responsible for the key management of the chosen encryption solution, either directly, contractually or through policies.
SB.3.002 Email forwarding
Automatic forwarding of email to external addresses is denied by default.
SB.3.001 Encrypted connections
All data in transit is transferred over encrypted connections, using the encrypted versions of protocols or encapsulation of plaintext protocols over encrypted connections.