IT security concept of INH GmbH

The following measures are taken and regularly evaluated both by INH GmbH (hereinafter referred to as INH) and by the data center operator telenetwork AG to protect confidential and personal data of the customer and its customers:

1. Access control (entrance / system access control)

Measures taken by telenetwork AG at the Trier data center site

INH only uses server systems from data center operators that have valid certifications and thus implement all technical and organizational measures in accordance with the GDPR. telenetwork AG relies on extensive measures certified according to various standards to deny unauthorized persons access to processing systems. These include, among others:

A) ACCESS CONTROL SYSTEM

Electronic access control upon entering the data center as well as into the respective security area.

B) SAFEGUARDING THE ACCESS CONTROL SYSTEMS

The access control systems and the alarm systems are secured against power failure via UPS and backup power supply. In the event of a malfunction, the data center can be accessed manually via a security locking system. Only telenetwork employees can do this.

C) ESTABLISHMENT OF SAFETY ZONES

Access to the INH systems is restricted to the group of persons defined by INH (management) and to a restricted group of persons at telenetwork.

D) KEY ALLOCATION

Keys are issued only to a limited group of authorized persons (whitelist). Identity is checked against an official photo document (e.g. ID card) at handover, and every key handover is documented.

E) KEY CONCEPT

Electronic: Access is secured by a physical (RFID chip) and a biometric (fingerprint) identification feature. Physical: INH server cabinets have their own digital lock.

F) VISITOR REGULATION

Visitors are not allowed to be in the data center without being accompanied by authorized personnel or telenetwork employees.

G) ACCESS RECORDING

Each use of an ID tag (RFID chip) or biometric identification is recorded electronically and logged with a timestamp.

H) BURGLAR ALARM SYSTEM

Messages from the intrusion alarm system (intrusion, malfunction, etc.) are transmitted independently to telenetwork and the on-call service, which initiate appropriate measures.

I) VIDEO SURVEILLANCE

The outer shell of the data center and the access points to security areas in the data center are monitored with video technology.

J) CLOSED-SHOP OPERATION

The premises of the data center are used only for the purpose of data processing; there is no public traffic.

2. Access, transmission and transport control (data access / transmission / transport control)

Measures taken by telenetwork AG at the Trier data center site

telenetwork ensures that the persons authorized to use a data processing system can only access the data subject to their access authorization and that personal data cannot be read, copied, modified or removed without authorization during processing, use and after storage.

Measures taken by INH GmbH at the Trier data center site
  • Configuration of application servers with Docker containers with minimal service provisioning and automatic releases at short intervals
  • Use of firewalls with, among other things, a geo-blocking concept for whitelisting IP ranges
  • Patch and security concept for regular updating of systems and patching of known security gaps
  • Server administration only by a restricted group of persons via public key authentication
  • Login / password protection through a state-of-the-art hash procedure and encrypted HTTPS transmission
  • Storage of sensitive customer data using strong cryptographic techniques with key custody separate from code and database

3. Reliability, availability and integrity of the IT systems used (reliability, integrity, availability)

Measures taken by telenetwork AG at the Trier data center site
A) UPS (UNINTERRUPTIBLE POWER SUPPLY)

The data center is protected against short-term power failures by means of a UPS system.

B) EMERGENCY POWER GENERATORS

Emergency power generators safeguard against longer power interruptions. Refueling during operation is possible if necessary. Emergency power generators are maintained according to manufacturer specifications.

C) FIRE PROTECTION

The data center is divided into several separate fire compartments. A central gas extinguishing system and additional hand-held fire extinguishers are available for selective firefighting.

D) FIRE DETECTOR

A fire alarm system triggers the gas extinguishing system and alerts the emergency and on-call service of telenetwork AG.

E) AIR CONDITIONING

The data center is equipped with redundant room air conditioning.

F) OBJECT SECURITY IN PARTICULAR OF THE SERVER ROOMS

Customer cabinets or areas in the data center are physically secured separately by locked cabinets or by barriers around the areas. Key concept, video surveillance, security service, etc. are available as described under "Access control".

Measures taken by INH GmbH at the Trier data center site
  • Multiple redundant hardware and software design of the application and database servers
  • Automated monitoring of server systems and services with automatic notification and escalation of problem cases
  • Mirroring of data on at least three separate server systems
  • Regular backup rotation
  • Automated software testing to ensure platform functionality

4. Order control (data processor control)

Measures taken by telenetwork AG at the Trier data center site

telenetwork AG acts exclusively within the framework and scope of the order by INFINKON Health AG according to the specified instructions.

A) CONTROL MEASURES

Control measures are defined in coordination between INFINKON and telenetwork and are technically and organizationally integrated into the operating procedures of telenetwork AG.

B) OBLIGATION OF CONFIDENTIALITY PURSUANT TO ART. 28 PARA. 3 LIT. B GDPR AND § 88 TKG

All telenetwork employees are bound to data protection and confidentiality, to telecommunications secrecy and to secrecy.

C) DATA PROTECTION INSTRUCTIONS

A data protection officer has been appointed by telenetwork AG.

D) DATA PROTECTION BRIEFINGS

telenetwork employees are regularly instructed on data protection topics.

Measures taken by INH GmbH
  • Order processing management, documentation of the order and the processing
  • Appropriate selection and pre-screening of service providers
  • Continuous monitoring of service providers

5. Organization control

Measures taken by INH GmbH
  • Obligation of employees to maintain data secrecy (according to Art. 90 GDPR, § 53 BDSG-neu)
  • Implementation of events and training on the subject of data security
  • Development and regular revision of the safety guidelines/rules of conduct
  • Regular evaluation and control of the defined processes and measures