Security
Avista Time, as the personal data assistant, is responsible for the technical and organizational security measures in and around the Avista programs. This means that we at Avista ensure that there is always the necessary security measures, such as encrypted communication, storage with high security, authorization control, the ability to make register extracts and delete personal data. When there are no functions in the program to handle the personal data, we have internal procedures for this. The actions that Avista Time performs are described below.
Authentication and Encryption
All data communication takes place with Secure Sockets Layer (SSL). To gain access to Avista, login with username and password or NFC (Near Field Communication), which is a physical device that is linked to a specific user is required to access the system. Passwords are usually the weakest link and users tend to use passwords like: "1234".
Read more about secure passwords here.
Avista uses encrypted communication in the form of 256-bit SSL encryption. Data communication to and from the User's digital device is encrypted with SSL, which is an established and widely used Internet standard for encrypted communication. To prevent unauthorized persons from gaining access to information if a computer is left unattended, the system automatically logs the user out after a time interval selected by the customer. The customer always bears the risk of unauthorized use of Avista as a result of the user leaving a logged-in computer unattended.
There is continuous verification of users. Each call to avistatime.com involves a check of the login's authorization.
Storage and Backups
Avista is operated on servers in data centers that are monitored around the clock and staff are always available. The data is stored in at least two geographically separated locations within the EU. Full redundancy and backups are taken daily. Our operating supplier is Hetzner AG. Read more here.
Avista Time's services are based on a modern server platform with multi-level redundancy. Server environment and network are protected by firewalls. In addition to this, the facility is proactively monitored by monitoring and analyzing firewalls and system logs.
Avista has comprehensive backup routines that ensure continuity of services. The encryption of the User's password remains during the backups. Full backups are made daily.
Knowledge and Information Protection
Only a few key people know how the security system is structured.
All personnel are bound by a confidentiality agreement that prevents the dissemination of data, information, and the customer's or user's personal data. Only authorized personnel have access to the data.