Security and continuity
At Comrads, we know that security is crusial. Protecting your privacy is therefore our top priority and the reason why we adopt and adhere to the best industry standards. Comrads is ISO/IEC 27001:2013 certified and complies with the requirements and standards of the AVG. To that end, Comrads takes strict precautionary, technical and organizational security measures to ensure a high level of security to protect your data, data and files from unauthorized or unlawful access.
Last BSI audit certification: December 12, 2023
Hosting and storage
Secure and scalable cloud storage
All client applications and modules at Comrads run exclusively within the EEA on private cloud servers from Amazon Web Services (AWS), our trusted business partner with a global network of powerful data centers. These are secured with access protocols, biometric scanning profiles and 24/7 surveillance and monitoring.
Physical security
Authorized access only
AWS' data servers are designed to minimize the impact of global operational disruptions. In addition, AWS data centers are staffed 24/7 by specially trained security guards, secured by CCTV cameras and biometric access controls. Authorized access is granted on a need-to-know basis.
Availability
Always safely accessible
Comrads offers scalable SaaS solutions that can be accessed globally and 24/7 via a web browser. So you don't have to install anything on your own servers. Secured by a strict role-based system (RBAC), each request for access to your stored information is verified via profiles and ensures that your assets are securely available at all times.
Server and application security
Just standard is not enough
All of Comrads' private cloud servers are effectively secured and encrypted. Comrads not only uses the standard AWS Shield service, a managed Distributed Denial of Service (DDoS) protection, but Comrads additionally implements the full-stack server and application security services AWS Inspector, AWS GuardDuty, AWS CloudWatch and Bitninja Fullstack Security. Together, these services guarantee a high level of security against attacks and threats.
Comrads full-stack server and application security
Application Access
Users can access Comrads' applications globally and 24/7 with a browser and Internet connection. All traffic to and from Comrads' applications uses only a secure HTTPS connection, so all data (including usernames and passwords) is transferred via an encrypted connection. Furthermore, it is possible to make client applications accessible only from specific IP addresses. Comrads also supports Single-Sign-On (SSO) to grant (internal) users secure access with only one set of login credentials.
Server Access
Administrative access to all our servers at AWS is limited to authorized Comrads employees only from the Comrads office or remotely via the Comrads VPN using the SSH and MySQL protocol. Each client basically has its own server within Comrads' standard VPC. It is not possible to "hop" from one server to another within the same VPC. This is prevented by IP restriction.
Network Security
Comrads' network is protected by firewalls and virus scanners that are maintained with regular upgrades and patches. Remote access to Comrads' network is only possible through our VPN. In addition, all workstations are secured and protected by the latest Endpoint Security software from ESET.
Backups
If for any reason you do lose or damage some files, a full backup is always available. Our software protects the countless hours and resources you've invested in creating and managing your asset and (meta)data by creating incremental and full backups. In the event of a failure or incident, we can perform an immediate backup restore.
Staff
All our employees are trained and aware of the applicable safety standards. To this end, Comrads holds regular training and awareness sessions for all new and existing employees. These sessions include personal interviews, (online) tech sessions and awareness meetings that ensure that security documentation is read and understood. Also, new employees are always screened.
Suppliers
To ensure our high level of security across the board, chain responsibility plays an important role. This means that Comrads only selects or allows business partners and suppliers who can provide at least the same level of security or better or who can meet Comrads' requirements. Contractual arrangements are made with each partner and processor agreements and confidentiality are a minimum requirement. Within the procedures of our ISO/IEC 27001:2013 management system, all our partners are regularly audited.