Security

Avista Time is responsible for the technical and organizational security measures in and around Avista programs as a personal information officer. This means that in Avista, we ensure that there is a security needed, such as encrypted communications, high security, privileged management, ability to make registry extracts and delete personal data. When there are no features in the Personal Data Management program, we have internal procedures for this. The actions Avista Time performs are described below.

Authentication and Encryption

All data communication takes place with Secure Sockets Layer (SSL). To access Avista, login with username and password or NFC (contact-based reading) is required based on physical devices that are connected to a specific user.

Avista uses encrypted communication in the form of 256-bit SSL encryption. Data communication to and  from user’s digital device is encrypted with SSL, which is an established and most widely used Internet standard for encrypted communication. In order to prevent unauthorized access of information from a computer, absence, the system automatically logs out the User after the customer’s chosen time interval. The customer is always at risk of unauthorized use of Avista as a result of the User leaving a logged-in computer unattended.

There is continuous user authentication. Anyone call to avistatime.com entails a check of the logged in credentials.

Storage and backups

Avista is running on servers in 24-hour data halls, and staff are always available. Data storage is available in at least two geographically separated locations within the EU with full redundancy and backups were taken everyday. Our service provider is Hetzner AG, read more ..

Avista Times services are based on a modern server platform with multi-level redundancy. Server environment and network are protected by firewalls. In addition, the plant is monitored proactively by monitoring and analyzing firewalls and system logs.

Avista has comprehensive backup routines that ensure continuity of services. The encryption of User Password remains at the backups. Complete backups are made daily.

Knowledge and information protection

Only a few key people know how the security system is built.

All personnel are bound by a confidentiality agreement that prevents the dissemination of data, information, and the personal or customer’s personal data. Only qualified personnel have access to the data.