Product description

ovos play is a web-based hybrid app for the purpose of knowledge transfer. ovos play is offered as a SaaS solution. Once purchased, customers take over the creation, management and analysis of learning content via their own backend, the "Admin Dashboard".

ovos play is developed in an agile manner with a 3-week release cycle. Unscheduled patch and hotfix releases are possible.

Security measures of ovos as a SaaS provider

ovos play is distributed by ovos media gmbh as a SaaS solution.

• ovos media gmbh

• Schottenfeldgasse 60/36-38

• 1070 Vienna

Security organization measures

ovos provides the contact of the CISO. Employees receive training on agreed security guidelines every two years.

Certification

ISO:27001 in the area of software service and development. An annual audit is conducted for certification.

Authorization concept

The available authentication of ovos play is based on a nickname or e-mail and password. The password policy can be set via a configured SSO connection.

SSO bindings can be implemented on request. Supported are among others:

• OpenID

• LDAP

• SAML

• Microsoft Azure

• Individual connections on request

Permission concept

Roles and permissions can be used to regulate access to the Admin Dashboard and, if required, access to the Admin Dashboard can be disabled altogether.

Security measures of Internex as hosting provider

The data center is operated by Interxion Austria at the following location:

• Interxion Austria

• Louis-Häfliger-Gasse 10

• 1210 Vienna

Measures for the fail-safe operation of the data center

Fire protection

• Gas-based fire extinguishing system

• Early fire detection system (VESDA) Fire protection walls (F90)

Air conditioning

• Temperature between 18°C and 23°C

• Humidity between 40% and 60%

• Redundant system (N+1)

Security

• Contactless key cards & biometric access system

• Personal separation systems

• 24x7 security personnel on site

• Only authorized personnel and customers have access to the data center

• Server housing access available 24x7

• CCTV camera surveillance and intrusion detection system

Power

• Power is supplied by two different power grids

• Redundant generator backup (2N)

• 230V/400V AC and 48V DC available

• UPS supported A+B feed

• "Clean-Earth" and overvoltage protection

Organizational security measures

Access control

• Alarm system

• Automatic access control system

• Biometric access barriers

• Smart cards / transonder systems

• Manual locking system

• Security locks

• Protection of the building shafts

• Bell system with camera

• Video surveillance of the entrances

Technical security measures

Access control

• Login with username + password

• Login with biometric data

• VPN for remote access

• Locking of external interfaces (USB)

Access control

• Physical deletion of data media

• Logging of accesses

• Use of authorization concepts

Firewall, anti-virus system, IDS, DDoS protection are implemented. OS updates are carried out every 6 months as standard.

Data is stored in separate databases for each customer.

Data is transferred via the web service using SSL/TLS and is encrypted with HTTPS.

Certifications

ISO:27001, ISO 22301, SOC 2

IT Security Assessments

For internal systems there are periodic system tests.

Customer systems can be checked at any time at the customer's own expense after signing a Permission to Attack.