Question: How do you limit access to customer data and the service itself to only authorized, authenticated individuals?
Answer: Only our operations team has access to security critical systems. Our servers can only be accessed via secure SSH keys. System deployments are fully automated and logged. All manually performed maintenance work is also logged.
The authorization scheme and access rights are implemented in accordance with their logging requirements:
-
Dedicated access levels (profiles, roles, transactions and objects)
-
Evaluation
-
Notice