169
The provider offers comprehensive documentation and training
material as an introduction to using the service. A hotline is available
during the user's normal working hours. Problems can be reported
by means of an electronic ticket system. The provider has established
processes with guaranteed processing workflows and the internal
applications necessary to support them, also with any upstream
suppliers.
Assurances in terms of service management and technical provision
are verified on site by trained auditors.
Four‐Star Certification
In addition to the requirements stated previously, the following mandatory
criteria are fulfilled:
Technical provisions are in line with the requirements for a
professional datacentre provider. Communication uses an Internet
Exchange node (IX) with direct and redundant links.
The service processes comply with the requirements of ITIL and ISO
27001
in the sense of an ISMS (Information Security Management
System).
The security functions and the use of encryption technology are
documented and verifiable and in line with normal IT security
requirements. Protective measures against external attacks are
implemented, and at the time of the audit are in accordance with the
requirements of the ISO 27001 standards.
Direct access by administrators is restricted, and transaction data is
anonymised against user profiles in individual cases of access. Record
of this is kept in appropriate process documentation, which is
available to the customer on request.
Except where long‐term archiving of customer data according to the
principles of data access and verifiability of digital documents
(
GdPDU) is implemented by other means, the provider fulfils the
archiving and provisioning requirements for customer data to the
extent of legal requirements.
Five‐Star Certification
In addition to the requirements stated previously, the following mandatory
criteria are fulfilled: