ISTOS
Security

Secure access

Secure access to our software is a matter of course for us, but individual and convenient design for our customers is also important to us.

Access Management

The permission concept of our products is designed incrementally and can be defined granularly per user depending on the use case. Corresponding role concepts are already stored in the software and can be assigned to individual users.

DMG MORI Digital does not have standard access to customer instances. Accordingly, access to customer instances by our employees only takes place in connection with support cases opened by the customer and corresponding authorization. Access to the operating structures of the customer instance is carried out independently for maintenance and support purposes without access to customer data.

Authentication

Authentication in our products takes place through current widely used standards. These are for example OpenID Connect as well as OAuth2.

Further authentication mechanisms can be coordinated according to individual needs.

Security of customer data

Data security has the highest priority for us. That is why we only use the latest technologies and security measures.

Security and availability

The backup of customer data is fully automated and controlled by various security mechanisms. In some cases, customer data is backed up every minute. These backups are also mirrored in other Microsoft Azure data centres to protect against local interference.

We guarantee an availability of the services of at least 99% on an annual average, apart from availability failures that are not within the sphere of influence of DMG MORI Digital, such as force majeure or the fault of third parties. In addition, our availability is based on Microsoft Azure's availability commitments as stated in their SLAs: https://azure.microsoft.com/en-gb/support/legal/sla/

Further information can also be found in the service descriptions for the products.

Encryption

Both stored data (Data in Rest) and data in transit (Data in Transit) are encrypted. Procedures corresponding to the current state of technology are used for this.

Monitoring

Our products that are operated in the Microsoft Azure Cloud are automatically monitored. Individual services can be restored fully automatically in the event of disruptions in the operating process. Software failures are thus identified as quickly as possible.

Security updates

We regularly update the systems we use and respond to critical security gaps that arise, even outside the usual update cycles and maintenance windows.

The software components used are regularly and automatically checked for security gaps.

High security standards

For our software, compliance with modern and high security standards is indispensable. Our infrastructure which is hosted at Microsoft Azure offers these high standards - even certified.

Infrastructure (Cloud)

Our products are operated in the Microsoft Azure Cloud. A European server region is used for this. The Microsoft Azure data centres are certified according to common international standards such as ISO27001, 27018, C5 according to BSI, SOC 1/2/3. The certifications of Microsoft Azure Cloud can be accessed at the following link: https://learn.microsoft.com/en-gb/compliance/regulatory/offering-home

The certifications, which are regularly verified by independent audits, guarantee the highest level of protection for any customer data and compliance with the GDPR at the system operation level.

Data protection according to GDPR

DMG MORI Digital complies with all requirements of the GDPR. As a subsidiary of DMG MORI AG, we also comply with the group requirements regarding data protection and thus the processing of personal data.

Further information can be found on the corresponding website of DMG MORI AG - Corporate Responsibility Strategy.