Privacy Guarantor: the System Administrators provision
The entry into force of EU Regulation 679/2016 (General Data Protection Regulation, or GDPR), which requires organizations to protect the personal data of EU citizens, had an immediate impact on information systems.
However, the “Provision of system administrators” (published in G.U. n. 300 of 24 December 2008), issued by the Data Protection Authority, is still current and fits perfectly with the provisions of the GDPR (in particular Article 24, “responsibility of the controller”, and Article 32, “security of processing”).
The provision, as is well known, requires that accesses made by administrators be recorded (access log), together with an indication of the time interval and a description of the event.
The provision requires that this information be stored for at least 6 months and that the principles of completeness, inalterability and integrity be safeguarded (principles that remain current under the GDPR).
SGBox complies with the Provision of System Administrators
SGBox collects logs securely and without alteration, protecting data at rest and in transit (via HTTPS, using the TLS 1.2 protocol). Integrity is provided by encryption inside the appliance and by a digital signature, which also establishes the time of saving with certainty.
The backup application allows the collected data to be stored periodically on an external storage medium. The encrypted data can be kept on non-rewritable storage media, and it can be verified at any time that the data has not been altered.
SGBox also lets you define how long log data is stored by setting custom retention times (for example, ensuring that raw data is kept for at least 6 months, as required by the Guarantor).
Finally, full compliance with Segregation of Duties (SoD) criteria makes it possible to differentiate access so that system administrators cannot arbitrarily change or remove log data (principle of inalterability of the data).