IT and Data Security
Security has high priority
As a business application that is used across all industries, we attach great importance to security and data protection. Through comprehensive technical and organisational measures, we ensure that Micromate can be seamlessly and securely integrated into your IT landscape. The security of our system is continuously optimised and checked through certifications and external penetration tests.
Technical and Organisational Measures (TOM)
The following list contains the technical and organisational measures that Micromate implements. These are regularly reviewed in internal processes and as part of the certification process.
Operational Security
The following TOMs ensure the security of the IT infrastructure, the software and its development as well as the provision of Micromate with proven security methods.
Security Awareness Training
At Micromate, we offer all employees comprehensive security training that is regularly updated. The training process is carefully documented and continuously monitored to ensure ongoing compliance and security.
Malware/Antivirus Protection
Micromate’s anti-malware solution is active across all system components and ensures continuous on-access scanning, daily updates of virus signatures, automatic blocking of detected malware and immediate notifications to our engineering team.
Patch Management
Micromate ensures rapid protection against vulnerabilities through timely patching of critical risks, proactive decommissioning of outdated systems and an efficient process for identifying and prioritising new threats.
Vulnerability Scanning
Micromate carries out quarterly security checks for vulnerabilities in the infrastructure and web applications.
Network Security
At Micromate, our network security rules are designed to protect our system by blocking any traffic that is not explicitly authorised. To ensure first-class protection, we conduct a review every six months.
Change Control
Every change to our production environments is carefully scrutinised. We ensure that an impact assessment, thorough testing and approval are carried out to deliver seamless and reliable updates.
Separation of Environments
Micromate maintains development and test/staging environments that are separate from the production environment. The separation is enforced through access controls, and sensitive production data is not used in non-production environments.
Secure Software Development
At Micromate, we are committed to secure software development by following leading industry standards such as the OWASP Top 10. Our developers receive continuous training to ensure the development of secure software.
Code Repository Security
At Micromate, code repositories are secured by subjecting all changes to a review and approval process by a second reviewer before they are merged. Appropriate access controls are enforced with multi-factor authentication (MFA), and all production releases are reviewed prior to deployment.
Secured Service Accounts
Micromate ensures that all default credentials are disabled, removed or changed and a robust process is in place to effectively secure service accounts.
Secure User Account Management
Micromate assigns personalised user accounts, adheres to the principle of least privilege, enforces a strict password policy and ensures that inactive accounts are deactivated or deleted.
Multi-Factor Authentication (MFA)
Micromate secures all remote access, management interfaces, code repositories and cloud management with robust multi-factor authentication.
Logging of Security Events
At Micromate, we ensure robust security by logging security-related activities. Logs remain readily accessible for 30 days and are retained for 90 days in total. We regularly review the logs to detect and fix anomalies such as tampering or malware threats.
Alerting in the Event of Security Incidents
Alert rules in Micromate are set up to report changes to privileged accounts, high-risk activity, malware events, event log tampering, firewall activity, security tool disabling and anti-malware logging issues.
Annual Security Risk Assessment
The annual security risk assessment helps us to identify and mitigate the most significant threats, so that our security measures adapt to the ever-changing security environment.
Risk Management for Third-Party Providers and Partners
Micromate has a risk management process that assesses and manages risks in connection with suppliers and business partners.
Response Plan for Security Incidents
Micromate’s security incident response plan ensures that incidents are dealt with quickly and effectively. It includes contacts, communication strategies and clear steps for incident management, containment and recovery.
Training and Review of the Response Team
All members of the crisis response team are trained annually on how to deal with incidents, and the crisis response strategy and associated documentation are updated based on findings from exercises, incident responses or organisational changes.
Business Continuity Plan (BCP)
Micromate maintains a business continuity plan that includes roles and responsibilities, business processes, backup procedures, recovery priorities, contingency plans and system recovery processes.
Disaster Recovery Plan (DRP)
Micromate’s disaster recovery plan includes staff roles, contingencies for business processes, systems and data backup procedures, recovery priorities and a comprehensive disaster recovery plan for critical systems and services.
Annual Review of the Business and Disaster Recovery Plan
Micromate’s business continuity plan and disaster recovery plan are reviewed annually. Updates are based on tests conducted through exercises and on the documented test results and lessons learnt.
Data Processing Security and Data Protection
The following TOMs relate to the security of the data that Micromate consumes, processes and passes on. The focus here is on technical security and legal compliance with the new Swiss Data Protection Act (revDSG) and the European General Data Protection Regulation (GDPR).
Secure Data Transmission
To ensure that data is protected during transmission, Micromate uses TLS 1.2 or higher and maintains an inventory of trusted keys and certificates.
Encrypted Data “at rest”
Micromate’s hosting environment protects “at rest” data with advanced encryption techniques to ensure the highest level of security.
Data Retention Policy
Micromate defines and documents a data retention period to ensure clear and standardised data management.
Data Deletion
Micromate’s data erasure mechanism ensures that data beyond the retention period is securely deleted.
Backup Management
Micromate has an automated backup system. The reliability and integrity of the data is ensured by regularly testing the recovery procedures. Access controls and protection mechanisms are active to protect backups from unauthorised access and to guarantee the confidentiality, integrity and availability of the data.
Management of Data Access
Limiting data access to a minimum number of users, ensuring access according to the principle of least privilege and implementing a well-documented process for access requests are important to Micromate.
Contract for Order Data Processing (ADV)
A list of all third parties to whom data is passed on is kept and data processing contracts are in place with all third parties who process data from Micromate.
revDSG/GDPR Compliance
Micromate ensures compliance with the revDSG and the GDPR by handling data subject requests (SARs). We ensure that all relevant data can be found quickly and deleted securely. In addition, we provide comprehensive information on personal data, data types, retention periods, the lawfulness of processing and the rights of data subjects, including access, erasure and data portability.
Successful Learning in a Secure Learning Environment
Secure in action