Breeze ID uses a strong encryption method known as bcrypt to hash all user passwords.

This ensures that passwords are transformed into a form that cannot be easily reversed, providing an additional layer of protection for user data

The measures that we have implemented for ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services include:

1. Access Control: Access to the backend system and database is controlled through multi-factor authentication and rolebased access control, ensuring that only authorized users have access. Access to the database is restricted based on IP address (whitelist).

2. Encryption at Rest and in Transit: All data files and system files, including backups, snapshots, and replicas, are encrypted using AES 256-bit encryption, ensuring that data is secure even if an attacker gains physical access to the underlying hardware. Data is also encrypted in transit using TLS to protect against interception and eavesdropping.

3. Database Clustering and Replication: Data is stored in a database cluster with a minimum of 3 nodes, ensuring that data is replicated and stored on multiple nodes. This means that if one node fails, the data is still available on the other nodes.

4. Cloud Environment with High Availability and Redundancy: The backend system is hosted in a cloud environment with high availability and redundancy, ensuring that the system is always available even if one server fails.

5. Automatic Backups and Snapshots: The database has automatic backups and snapshots, ensuring that data can be restored in the event of a disaster or data loss.

6. Auto-Scaling and Automated Monitoring: The database has auto-scaling enabled, ensuring that the database can handle increased traffic or workload. Automated monitoring and alerts are also enabled for critical events such as cluster reboots, shard rebalancing, and node failures.

7. Enforced SSL Encryption and Network Encryption: SSL encryption is enforced for the backend system, and network encryption is enabled to protect data in transit between the backend system and the database.

8. Audit Logs: Detailed audit logs are enabled to track changes, monitor user activity, and maintain compliance with regulatory requirements.

Overall, these measures help to ensure the ongoing confidentiality, integrity, availability, and resilience of our processing systems and services.

Some of the measures that we have implemented for ensuring the ability to restore the availability and access to personal data in the event of a physical or technical incident were covered in the previous point.

In the event of a physical or technical incident, we have a dedicated incident response team that is responsible for responding to the incident, mitigating any damage, and restoring the availability and access to personal data as quickly as possible. This team is trained and equipped to handle a wide range of incidents, from minor disruptions to major disasters.

Overall, our measures for ensuring the ability to restore the availability and access to personal data in a timely manner are designed to minimize the impact of any incidents and ensure that our users can continue to access their data without interruption.

Breeze ID has implemented processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing.

One of the key measures that we have implemented is automated testing, which runs regularly and with each new deployment. This helps to identify any potential security vulnerabilities or issues in the system, allowing us to address them quickly and efficiently.

In addition to automated testing, we also engage a third-party partner to perform penetration testing on our platform. This involves attempting to exploit any potential vulnerabilities in the system in order to identify areas that require further attention. By engaging a third-party partner, we can obtain an independent assessment of our security measures and identify any areas that we may have missed.

Overall, these measures help us to continuously evaluate and improve the effectiveness of our technical and organizational security measures, ensuring that our platform remains secure and our users' data is protected.

Breeze ID has implemented several measures for user identification and authorization to ensure that only authorized users have access to personal data:

Password Policies: We have implemented password policies that require users to create passwords that are at least 8 characters long, include at least one number and one special character. This helps to prevent weak passwords that can be easily guessed or compromised.

Role-Based Access Control: The system is role-based, and users are assigned roles based on their job function. This ensures that users only have access to the data that they need to perform their jobs, reducing the risk of unauthorized access.

Strong Authentication: We have implemented strong authentication measures, such as multi-factor authentication (MFA), to verify the identity of users. MFA is enforced if the user has admin privileges or higher, and we also have the possibility to enforce MFA for all users on a portal. This helps to ensure that only authorized users can access personal data and reduces the risk of unauthorized access.

Overall, these measures help to ensure that only authorized users have access to personal data and that access is provided based on a need-to-know basis. This helps to protect personal data from unauthorized access and reduce the risk of data breaches.

Breeze ID has implemented measures for the protection of data during transmission by using SSL encryption.

SSL encryption ensures that data transmitted between our platform and users is encrypted and secure, protecting against interception and eavesdropping by unauthorized parties.

SSL encryption is a widely recognized and accepted method for securing data in transit, and is used by many major websites and applications. It is a robust and reliable method for ensuring the confidentiality, integrity, and authenticity of data during transmission.

Overall, our use of SSL encryption helps to ensure the protection of data during transmission and provides our users with a secure and reliable platform

Breeze ID has implemented measures for ensuring event logging to track system and user activity, providing an additional layer of protection for personal data:

Built-in Logging:Breeze ID has built-in logging of most events performed through the platform, including user logins, user modifications, and other system events. This helps to identify potential security issues and monitor system activity.

Detailed Audit Logs: On the database layer, detailed audit logs are enabled to track changes, monitor user activity, and maintain compliance with regulatory requirements. This provides an additional layer of protection for personal data by detecting and investigating any unauthorized access to personal data.

Overall, these measures ensure that event logging is enabled throughout the platform, allowing us to monitor system activity and detect any potential security issues

Breeze ID has implemented several measures for the protection of data during storage, ensuring that personal data is secure and protected:

Access Control: Access to the backend system and database is controlled through multi-factor authentication and rolebased access control, ensuring that only authorized users have access. Access to the database is further restricted based on IP address (whitelist), reducing the risk of unauthorized access.

Encryption at Rest: All data files and system files, including backups, snapshots, and replicas, are encrypted using AES 256-bit encryption, ensuring that data is secure even if an attacker gains physical access to the underlying hardware. This helps to protect personal data from unauthorized access and prevent data breaches.

Audit Logs: Detailed audit logs are enabled to track changes, monitor user activity, and maintain compliance with regulatory requirements. This helps to detect and investigate any unauthorized access to personal data, providing an additional layer of protection for personal data.

Overall, these measures ensure that personal data is protected during storage, reducing the risk of unauthorized access and data breaches.

Breeze ID ensures physical security of locations at which personal data are processed by utilizing Microsoft Azure data centers.

Microsoft Azure data centers are designed to provide a high level of physical security to protect against unauthorized access, theft, and damage to equipment and data.

Some of the measures that Microsoft Azure data centers implement to ensure physical security include:

Access Control: Access to the data centers is strictly controlled, with biometric and multi-factor authentication used to verify the identity of personnel entering the facility. Access is also restricted based on job function and role.

Video Surveillance: Data centers are monitored by video surveillance cameras 24/7, providing continuous monitoring and recording of activity in and around the data center.

Physical Barriers: Data centers are surrounded by physical barriers such as walls, fences, and gates to prevent unauthorized access. Doors and windows are reinforced to prevent forced entry.

Environmental Controls: Data centers are equipped with environmental controls to regulate temperature, humidity, and air quality, ensuring that equipment is protected from environmental damage.

Redundancy Measures: Data centers have redundant power supplies, backup generators, and other redundancy measures in place to ensure that systems remain operational in the event of a power outage or other disruption.

Overall, by utilizing Microsoft Azure data centers, Breeze ID is able to ensure the physical security of locations at which personal data are processed. These measures help to protect personal data from unauthorized access and damage, providing our users with a secure and reliable platform.

Breeze ID ensures system configuration, including default configuration, by leveraging tools within Azure to identify and mitigate configuration issues and vulnerabilities.

These measures include Advisor Recommendations, Health Checks, Risk Assessment Checks, following Best Practices,

Security Benchmarks

We use CD/CI pipelines to ensure that the configuration is always up to date and that any changes are properly reviewed and approved.

The configuration is tightened to the minimum required for the system to function. This means that we disable all unnecessary services and ports, reducing the risk of security incidents and data breaches.

Overall, these measures ensure that our system is configured securely and in accordance with industry best practices and security standards. This helps to reduce the risk of security incidents and data breaches, ensuring that personal data is protected.

Breeze ID takes measures to ensure data minimization, which means we only collect and process the minimum amount of personal data necessary to provide our services. This helps to reduce the risk of unauthorized access, data breaches, and other security incidents.

For users, we only collect the necessary data, such as email and name, to create and manage user accounts. This ensures that personal data is protected and only used for the intended purpose.

When it comes to the creation of Credentials (ID-badges both physical and digital), we only collect the data necessary to produce the Credential based on the template.

This may include photos, names, employee numbers, etc.

We ensure that tools are in place and available to the intended users to delete or anonymized the data when it is no longer necessary.

Breeze ID takes a comprehensive approach to ensuring data quality, which involves assigning responsibility for data quality to the data owner. The data owner is responsible for ensuring that the data is of good quality, up-to-date, and only retained for as long as necessary.

In Breeze ID , the data owner is typically the person or organization that is responsible for the registered tenant or portal. This ensures that there is clear accountability for data quality and that the necessary measures are taken to maintain the integrity of the data.

Additionally, in cases where the data is sourced from a company register, such as HR data or active directory, the responsibility for data quality lies with the company that is responsible for the register. This ensures that the data is maintained to a high standard and is consistent with industry best practices.

By assigning responsibility for data quality to the data owner and implementing measures to ensure that the data is up-to-date and only retained for as long as necessary, we can maintain high standards of data quality in our systems.