nvt
Application (D)DoS Protection
The application has taken application level steps to prevent Denial of Service attacks such as caching where possible, rate limiting and designing functionality to be non-blocking. This includes protecting API...
Rollback Procedure
Major changes and/or migrations that could have potential impact on the availability of the IT service have a rollback procedure and a step-by-step plan for the change documented beforehand and...
Emergency Power
Emergency power to IT equipment is available or a hot-site connected to a separate power source is available.
DDoS Network Protections
Network of IT services must be hardened against Distributed Denial of Service (DDoS) attacks. Services are configured to avoid participating in DDoS attacks. There is a documented procedure in the...
Organizational Data Deletion
After the retention period or when the data medium is decommissioned, lost or repurposed, organisation data is deleted. End users receive sufficient warning before data is deleted.
Data Exfiltration Detection and Prevention
There are measures to prevent users from downloading entire datasets. Additionally, or if these measures cannot be implemented, alerting and monitoring for users downloading large amounts of information from the...
Remote Wipe of Organizational Data
Description It is possible for organisational data to be deleted from devices remotely by a device management system, if they actively make a connection or based on an interval without...
Authorized data distribution
The proces owner authorises distribution of confidential information explicitly to any recipient, internal or external to the organisation. For all non-incidental data transfers, the authorisation is documented and reviewed yearly....
Datacenter uptime
Data centres used in the processing of information take appropriate measures to guarantee continued uptime.