ovos play is a web-based hybrid app for the purpose of knowledge transfer. ovos play is offered as a SaaS solution. Once purchased, customers take over the creation, management and analysis of learning content via their own backend, the "Admin Dashboard".
ovos play is developed in an agile manner with a 3-week release cycle. Unscheduled patch and hotfix releases are possible.
Security measures of ovos as a SaaS provider
ovos play is distributed by ovos media gmbh as a SaaS solution.
ovos media gmbh
Security organization measures
ovos provides the contact of the CISO. Employees receive training on agreed security guidelines every two years.
ISO:27001 in the area of software service and development. An annual audit is conducted for certification.
The available authentication of ovos play is based on a nickname or e-mail and password. The password policy can be set via a configured SSO connection.
SSO bindings can be implemented on request. Supported are among others:
Individual connections on request
Roles and permissions can be used to regulate access to the Admin Dashboard and, if required, access to the Admin Dashboard can be disabled altogether.
Security measures of Internex as hosting provider
The data center is operated by Interxion Austria at the following location:
Measures for the fail-safe operation of the data center
Gas-based fire extinguishing system
Early fire detection system (VESDA) Fire protection walls (F90)
Temperature between 18°C and 23°C
Humidity between 40% and 60%
Redundant system (N+1)
Contactless key cards & biometric access system
Personal separation systems
24x7 security personnel on site
Only authorized personnel and customers have access to the data center
Server housing access available 24x7
CCTV camera surveillance and intrusion detection system
Power is supplied by two different power grids
Redundant generator backup (2N)
230V/400V AC and 48V DC available
UPS supported A+B feed
"Clean-Earth" and overvoltage protection
Organizational security measures
Automatic access control system
Biometric access barriers
Smart cards / transonder systems
Manual locking system
Protection of the building shafts
Bell system with camera
Video surveillance of the entrances
Technical security measures
Login with username + password
Login with biometric data
VPN for remote access
Locking of external interfaces (USB)
Physical deletion of data media
Logging of accesses
Use of authorization concepts
Firewall, anti-virus system, IDS, DDoS protection are implemented. OS updates are carried out every 6 months as standard.
Data is stored in separate databases for each customer.
Data is transferred via the web service using SSL/TLS and is encrypted with HTTPS.
ISO:27001, ISO 22301, SOC 2
IT Security Assessments
For internal systems there are periodic system tests.
Customer systems can be checked at any time at the customer's own expense after signing a Permission to Attack.