Security certificates
Name of the certificate
▪ CSA STAR
▪ ISO20000
▪ ISO22301
▪ ISO27001
▪ ISO27017
▪ ISO27018
▪ ISO9001
▪ Service Organization Report (SOC) 1/2/3
Further details on the certificate regarding audit scope, variants, extensions, etc.
Certificate covering the Germany and Singapore locations and their products/services:
▪ German Cloud Computing Compliance Controls Catalogue (C5)
Certificates covering all locations and products/services:
▪ ISO 9001:2015 Quality Management System
▪ ISO/IEC 27001:2013 Information Security Management System
▪ ISO/IEC 20000:2011 Information Technology Service Management System
▪ ISO/IEC 22301:2012 Business Continuity Management System
▪ Cloud Security Alliance’s Security Trust and Assurance Registry (“CSA STAR”)
▪ Service Organization Report (SOC) 1, 2 and 3
Data protection
Geographical location of the data centre
Data protection certification
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
TRUSTe Enterprise Privacy Certification
Further details on the certificate regarding audit scope, variants, extensions, etc.
TRUSTe Enterprise Standards are based on foundational privacy frameworks including the Fair Information Practice Principles, OECD Privacy Guidelines, APEC Privacy Framework, and the EU-U.S. and Swiss-U.S. Privacy Shield Principles.
Certification of the data centre and the technical infrastructure
Further details on the certificate regarding audit scope, variants, extensions, etc.
Certificate covering the Germany and Singapore locations and their products/services:
▪ German Cloud Computing Compliance Controls Catalogue (C5)
Certificates covering all locations and products/services:
▪ ISO 9001:2015 Quality Management System
▪ ISO/IEC 27001:2013 Information Security Management System
▪ ISO/IEC 20000:2011 Information Technology Service Management System
▪ ISO/IEC 22301:2012 Business Continuity Management System
▪ Cloud Security Alliance’s Security Trust and Assurance Registry (“CSA STAR”)
▪ Service Organization Report (SOC) 1, 2 and 3
Audits
Audits carried out at the request of the user
Yes
Description
Only industry-approved audit methods, such as providing Service Organization Controls (SOC) Reports 1/2/3.
Availability
Guaranteed end-to-end service availability in percent per year
Availability class 3: 99.9 %, corresponding to 43:48 minutes/month or 8:45:58 hours/year
Maximum downtime in hours
Uptime of 99.95% or more over 30 days means 29 days, 23 hours, 38 minutes and 24 seconds of uptime, i.e. a maximum downtime of 0 days, 0 hours, 21 minutes and 36 seconds (0.05% downtime).
Support
Guaranteed response time of customer support
< 3 working days
Average time until problem resolution?
< 4 working days
Availability of customer support
24/7
Description of the support services
Alibaba Cloud offers a highly flexible support service depending on the desired support level. Customers can subscribe to the following Alibaba Cloud after-sale support levels: Basic, Developer, Business and Enterprise.
Is training offered?
Yes
Auditability
Is it possible for the user to carry out audits of work processes and organisational procedures relating to data protection and security?
Through third parties
Service availability
How is the rapid restoration of the availability of customer data, and of access to it, guaranteed in the event of a physical or technical incident?
Business Continuity Management
Alibaba Cloud has established operational availability objectives for the following cloud products. For VPC and Alibaba Cloud Security products, the objectives of the respective ECS, OSS, or RDS services would be applicable.
▪ ECS is designed to provide operational availability no less than 99.95%;
▪ SLB is designed to provide operational availability no less than 99.95%;
▪ OSS is designed to provide operational availability no less than 99.90%;
▪ RDS is designed to provide operational availability no less than 99.95%;
▪ CDN is designed to provide operational availability no less than 99.90%.
▪ Express Connect is designed to provide operational availability no less than 99.95%
Backups
Description of the backup options
Alibaba Cloud is ISO/IEC 20000:2011 and ISO 22301:2012 certified, which covers business continuity management. Alibaba Cloud has established policies and operational standards that include business continuity management. Business continuity plans are established and reviewed by the business continuity management team every year, and the plans are updated according to the results of the review.
Alibaba Cloud conducts a business continuity drill at least once a year. Alibaba Cloud and data center service providers conduct joint data center business continuity drills every year and data center business continuity reports would be issued accordingly. Alibaba Cloud performs backups of network device configurations by using a network device configurations system in order to ensure that network device configurations can be restored when needed.
ECS and OSS are designed to offer redundant data retention mechanisms for customer data. When customers’ data is stored in ECS and OSS, three copies are automatically created in the same region where the customer purchased the service.
How is it ensured that the confidentiality requirements also extend to the backups?
In general, Alibaba Cloud ensures the security and confidentiality of the cloud infrastructure, while customers manage their own backup strategy within their services and products in line with their organisational standards. Alibaba Cloud also offers optional encryption services that customers can choose to use.
Encryption
Which encryption techniques can be applied to encrypt data in transit and at rest?
Encryption & Key Management
Alibaba Cloud has established policies for encryption and key management. For data transmission security, Alibaba Cloud supports secure communication channels with strong cryptographic protocols for data transmission. HTTPS is supported by the Open API gateway of Alibaba Cloud. When a Customer logs into the management console and performs operations, identity authentication information and operation commands are transmitted via HTTPS.
RDS supports Transparent Data Encryption ("TDE") for MS SQL Server and MySQL; OSS supports server-side encryption of customer data. Data keys are used to encrypt/decrypt the customer's data; master keys are used to encrypt/decrypt the data keys. The AES-256 algorithm is used to encrypt both the customer's data and the customer's data keys.
Key Management Service (“KMS”) is utilized to manage master keys of RDS and OSS customers. RDS and OSS call the internal interfaces of KMS to request the master key for data key encryption/decryption. The master key identifier is assigned to a Customer by KMS. This master key identifier is utilized by KMS to call Encryption & Key Management
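The two-tier scheme described above (a per-object data key that encrypts the data, a customer master key held by KMS that wraps the data key, AES-256 at both levels) is envelope encryption. The following Go program is an added illustration, not Alibaba Cloud's KMS, OSS or RDS code: `toyKMS` is a hypothetical in-process stand-in for the key service, `NewToyKMS`, `Encrypt` and `Decrypt` are names chosen here, and AES-256-GCM is used for both layers so that tampering with either the wrapped key or the ciphertext is detected on decryption. The master key identifier is bound into the wrap as associated data, so a wrapped key presented under a different identifier fails to unwrap.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// toyKMS stands in for the key management service: it maps a master key
// identifier to the 256-bit master key, which never leaves the service.
// Constructed for this example; it is not the real KMS API.
type toyKMS map[string][]byte

// Envelope is what the storage layer keeps beside an object: the master key
// identifier, the data key wrapped under that master key, and the ciphertext.
type Envelope struct {
	MasterKeyID string
	WrappedKey  []byte // nonce || AES-256-GCM(masterKey, dataKey, aad=MasterKeyID)
	Ciphertext  []byte // nonce || AES-256-GCM(dataKey, plaintext)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal encrypts plaintext with AES-256-GCM and prefixes the random nonce.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen inverts gcmSeal; it fails if key, nonce, aad or data were altered.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// NewToyKMS creates a key service holding one random master key under the given identifier.
func NewToyKMS(masterKeyID string) (toyKMS, error) {
	mk := make([]byte, 32)
	if _, err := rand.Read(mk); err != nil {
		return nil, err
	}
	return toyKMS{masterKeyID: mk}, nil
}

// Encrypt generates a fresh per-object AES-256 data key, encrypts the customer
// data under it, then has the (toy) KMS wrap the data key under the master key.
func Encrypt(kms toyKMS, masterKeyID string, plaintext []byte) (Envelope, error) {
	masterKey, ok := kms[masterKeyID]
	if !ok {
		return Envelope{}, errors.New("unknown master key identifier")
	}
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return Envelope{}, err
	}
	ciphertext, err := gcmSeal(dataKey, plaintext, nil)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := gcmSeal(masterKey, dataKey, []byte(masterKeyID))
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{MasterKeyID: masterKeyID, WrappedKey: wrapped, Ciphertext: ciphertext}, nil
}

// Decrypt looks up the master key by identifier, unwraps the data key, then decrypts the data.
func Decrypt(kms toyKMS, env Envelope) ([]byte, error) {
	masterKey, ok := kms[env.MasterKeyID]
	if !ok {
		return nil, errors.New("unknown master key identifier")
	}
	dataKey, err := gcmOpen(masterKey, env.WrappedKey, []byte(env.MasterKeyID))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return gcmOpen(dataKey, env.Ciphertext, nil)
}

func main() {
	kms, _ := NewToyKMS("cust-1234-master") // hypothetical customer master key id
	env, _ := Encrypt(kms, "cust-1234-master", []byte("customer record"))
	pt, err := Decrypt(kms, env)
	fmt.Printf("recovered %q, err=%v\n", pt, err)
	env.Ciphertext[len(env.Ciphertext)-1] ^= 1 // flip one bit: GCM tag check fails
	_, err = Decrypt(kms, env)
	fmt.Println("after tampering:", err)
}
```

The point for a customer reviewing backups or replication: an `Envelope` can be copied anywhere without exposing plaintext, because decrypting it requires the KMS to release the master key for that identifier; revoking or rotating the master key in KMS makes every envelope that references it unreadable without touching the stored data.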
Alibaba Cloud Link ID² uses a random-number algorithm to ensure the confidentiality and uniqueness of the ID² secret key, and stores the key encrypted to protect its security and confidentiality.
Alibaba Cloud Link ID² uses the public key provided by the customer to encrypt the ID² secret key during key generation; the customer must use its own private key to obtain the plaintext ID² secret key, which protects the security and confidentiality of that key.
Alibaba Cloud Link IoT Platform and Alibaba Cloud Link Living use encrypted storage to protect the deviceSecret.
The cipher machines used by Alibaba Cloud Link IoT Platform, Alibaba Cloud Link IoT Edge, Alibaba Cloud Link ID² and Alibaba Cloud Link Living to access business secret keys apply a whitelist mechanism: only the equipment belonging to the corresponding products and services is on the whitelist.
The standard SDK package of Alibaba Cloud Link IoT Edge provides an encryption tool to encrypt the data stored at the default path on the gateway device.
To mitigate the risk of data leakage:
▪ Alibaba Cloud Link IoT Edge uses DTLS to secure the connection between the cloud server and the device (or gateway) when the UDP protocol is used through the relevant API.
▪ Alibaba Cloud Link IoT Platform, Alibaba Cloud Link IoT Edge and Alibaba Cloud Link Living use TLS to secure the connection between the cloud server and the device (or gateway) when MQTT or HTTP is used through the relevant API.
▪ Alibaba Cloud Link IoT Platform uses DTLS to secure the connection from the device (or gateway) to the cloud server when CoAP is used.
When a software upgrade package is ready, developers are notified through the official Alibaba Cloud Link IoT Edge website to download the latest software package for the update on the gateway device. The software is downloaded over HTTPS to secure the process.
Alibaba Cloud Link ID² uses TLS to secure the connection between the server of the service provider (the customer served by Alibaba Cloud) and the cloud server.
Options for key management
Encryption keys are managed by the customer
Identity and access management
Which rights and roles concept is applied?
A company-wide rights and roles concept is applied
Technical and organisational measures
How is the appropriate implementation of the technical and organisational measures required by the GDPR ensured?
Implementation through a data processing agreement pursuant to Art. 28 GDPR