Veiligheidsverklaring

Wanneer u Sunrise sites benadert met behulp van standaard Secure Socket Layer (SSL) technologie, is uw informatie beschermd met behulp van zowel serververificatie als gegevenscodering, om ervoor te zorgen dat uw gegevens veilig en alleen beschikbaar zijn voor geregistreerde gebruikers in uw organisatie. Uw gegevens zijn niet toegankelijk voor onbevoegden. Sunrise biedt elke gebruiker in uw organisatie een unieke gebruikersnaam en wachtwoord dat steeds moet worden ingevoerd wanneer een gebruiker zich aanmeldt. Sunrise gebruikt alleen "cookies" voor gecodeerde verificatie-informatie tijdens een sessie. De "cookie" bevat geen gebruikersnaam of wachtwoord van de gebruiker. Sunrise gebruikt geen "cookies" om andere, vertrouwelijke gebruikers- en sessie-informatie op te slaan, maar gebruikt meer geavanceerde beveiligingsmethoden gebaseerd op dynamische gegevens en gecodeerde sessie-id's. Bovendien wordt Sunrise gehost in een veilige serveromgeving die gebruikmaakt van een firewall en andere geavanceerde technologie om te voorkomen dat indringers zich toegang verschaffen en verstoringen veroorzaken. Veiligheidsexperts die veiligheidsproblemen aan Sunrise willen melden, worden verwezen naar de procedure over kwetsbaarheidrapportage (Vulnerability Reporting Policy) hieronder.

Confidentialiteit

Sunrise understands that the confidentiality, integrity, and availability of our customers’ information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes to meet the growing demands and challenges of security.

Internal and Third-party testing and assessments

Sunrise tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments (Mcaffe secure) are also conducted regularly: Application vulnerability threat assessments Network vulnerability threat assessments Selected penetration testing and code review Security control framework review and testing

Bewaking

Our Information Security department monitors notification from various sources and alerts from internal systems to identify and manage threats.

Beveiligde data centers

Our service is collocated in dedicated spaces at top-tier data centers. These facilities provide carrier-level support, including: Access control and physical security 24-hour manned security, including foot patrols and perimeter inspections Biometric scanning for access Dedicated concrete-walled Data Center rooms Computing equipment in access-controlled steel cages Video surveillance throughout facility and perimeter Building engineered for local seismic, storm, and flood risks Tracking of asset removal

Klimaatcontrole

Humidity and temperature control Redundant (N+1) cooling system

Stroom

Underground utility power feed Redundant (N+1) CPS/UPS systems Redundant power distribution units (PDUs) Redundant (N+1) diesel generators with on-site diesel fuel storage

Netwerk

Concrete vaults for fiber entry Redundant internal networks Network neutral; connects to all major carriers and located near major Internet hubs High bandwidth capacity

Branddetectie en -bestrijding

VESDA (very early smoke detection apparatus) Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression

Veilige gegevensoverdracht en sessies

Connection to the Sunrise environment is via SSL 3.0/TLS 1.0, using global step-up certificates ensuring that our users have a secure connection from their browsers to our service. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login

Netwerk bescherming

Perimeter firewalls and edge routers block unused protocols Internal firewalls segregate traffic between the application and database tiers Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports A third-party service provider continuously scans the network externally and alerts changes in baseline configuration

Rampenplan

The Sunrise service performs real-time replication to disk at each data center, and near real-time data replication between the production data center and the disaster recovery center Data are transmitted across encrypted links. Disaster recovery tests verify our projected recovery times and the integrity of the customer data

Back-ups

All data are backed up to tape at each data center, on a rotating schedule of incremental and full backups The backups are cloned over secure links to a secure tape archive Tapes are not transported offsite and are securely destroyed when retired

Privacy

At Sunrise there is no higher priority than the privacy and security of our customers' data. We believe that protecting the privacy of our customers' data is integral to our mission of earning and maintaining the trust of each of our customers. We seek to lead the industry as a trusted repository for customer data through a world-class privacy program and provide a secure infrastructure and flexible tools that help enable our customers to comply with global privacy and data protection regulations.

Melden van veiligheidsrisico's

The Sunrise security team acknowledges the valuable role that independent security researchers play in Internet security. Keeping our customers’ data secure is our number-one priority, and we encourage responsible reporting of any vulnerabilities that may be found in our site or application. Sunrise is committed to working with the security community to verify and respond to any potential vulnerabilities that are reported to us. Additionally, Sunrise pledges not to initiate legal action against security researchers for penetrating or attempting to penetrate our systems as long as they adhere to the conditions below.

Testen van veiligheidsrisico's:

Conduct all vulnerability testing against Trial or Developer Edition organizations (instances) of our online services to minimize the risk to our customers’ data.

Melden van een mogelijk veiligheidslek:

Privately share details of the suspected vulnerability with Sunrise by sending an email to security@mysunrise.eu Provide full details of the suspected vulnerability so the Sunrise security team may validate and reproduce the issue

Sunrise staat de volgende typen van onderzoek niet toe:

Causing, or attempting to cause, a Denial of Service (DoS) condition Accessing, or attempting to access, data or information that does not belong to you Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you

Commitment van het Sunrise security team:

To all security researchers who follow this Sunrise Vulnerability Reporting Policy, the Sunrise security team commits to the following: To respond in a timely manner, acknowledging receipt of your report To provide an estimated time frame for addressing the vulnerability To notify the reporting individual when the vulnerability has been fixed

Geen vergoeding:

Sunrise does not compensate people for reporting a security vulnerability, and any requests for such compensation will be considered a violation of the conditions above. In such an event, Sunrise reserves all of its legal rights.

Contact informatie omtrent juridische zaken General Legal: legal@mysunrise.eu Compliance: legal@mysunrise.eu Copyright: copyright@mysunrise.eu

Innovatie

We are always busy to identify and use the latest technologies and design techniques to make Sunrise everything you want it to be. If you have suggestions, feedback, or ideas, please don't hesitate to contact us at info@mysunrise.eu.