Product description
ovos play is a web-based hybrid app for the purpose of knowledge transfer. ovos play is offered as a SaaS solution. Once purchased, customers take over the creation, management and analysis of learning content via their own backend, the "Admin Dashboard".
ovos play is developed in an agile manner with a 3-week release cycle. Unscheduled patch and hotfix releases are possible.
Security measures of ovos as a SaaS provider
ovos play is distributed by ovos media gmbh as a SaaS solution.
ovos media gmbh
Schottenfeldgasse 60/36-38
1070 Vienna
Security organization measures
ovos provides the contact of the CISO. Employees receive training on agreed security guidelines every two years.
Certification
ISO:27001 in the area of software service and development. An annual audit is conducted for certification.
Authorization concept
The available authentication of ovos play is based on a nickname or e-mail and password. The password policy can be set via a configured SSO connection.
SSO bindings can be implemented on request. Supported are among others:
OpenID
LDAP
SAML
Microsoft Azure
Individual connections on request
Permission concept
Roles and permissions can be used to regulate access to the Admin Dashboard and, if required, access to the Admin Dashboard can be disabled altogether.
Security measures of Internex as hosting provider
The data center is operated by Interxion Austria at the following location:
Interxion Austria
Louis-Häfliger-Gasse 10
1210 Vienna
Measures for the fail-safe operation of the data center
Fire protection
Gas-based fire extinguishing system
Early fire detection system (VESDA) Fire protection walls (F90)
Air conditioning
Temperature between 18°C and 23°C
Humidity between 40% and 60%
Redundant system (N+1)
Security
Contactless key cards & biometric access system
Personal separation systems
24x7 security personnel on site
Only authorized personnel and customers have access to the data center
Server housing access available 24x7
CCTV camera surveillance and intrusion detection system
Power
Power is supplied by two different power grids
Redundant generator backup (2N)
230V/400V AC and 48V DC available
UPS supported A+B feed
"Clean-Earth" and overvoltage protection
Organizational security measures
Access control
Alarm system
Automatic access control system
Biometric access barriers
Smart cards / transonder systems
Manual locking system
Security locks
Protection of the building shafts
Bell system with camera
Video surveillance of the entrances
Technical security measures
Access control
Login with username + password
Login with biometric data
VPN for remote access
Locking of external interfaces (USB)
Access control
Physical deletion of data media
Logging of accesses
Use of authorization concepts
Firewall, anti-virus system, IDS, DDoS protection are implemented. OS updates are carried out every 6 months as standard.
Data is stored in separate databases for each customer.
Data is transferred via the web service using SSL/TLS and is encrypted with HTTPS.
Certifications
ISO:27001, ISO 22301, SOC 2
IT Security Assessments
For internal systems there are periodic system tests.
Customer systems can be checked at any time at the customer's own expense after signing a Permission to Attack.