Information security program

Data centers

Infrastructure.
res mechanica maintains (Google Cloud Platform, London, UK and Amazon Web Services, Frankfurt, Germany) and stores all production data in physically secure data centers that are geographically distributed across Europe.

Redundancy.
res mechanica’s infrastructure has been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. This design allows res mechanica to perform maintenance and improvements of the infrastructure with minimal impact on the production systems. Environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications.

Power.
All data centers are equipped with redundant power system with various mechanism to provide backup power, such as uninterruptible power supplies (UPS) batteries for short term blackouts, over voltage, under voltage or any power instabilities and diesel generators, for outages extending units of minutes, which allow the data centers to operate for days.

Server operating system.
res mechanica uses Linux-based operating systems for the application environments. res mechanica has established a policy to keep systems up to date with necessary security updates.

Site controls

Data center security operations.
All data centers in use by res mechanica maintain 24/7 on-site security operations responsible for all the aspects of physical data center security.

Data center security.
All data centers comply with or exceed the security requirements of SOC2. All data centers are equipped with CCTV, on-site security personnel and key card access system.

Access Control

Access Control and Privilege Management.
Subscriber’s administrators must authenticate themselves via a central authentication system in order to administer the Services.

Internal Data Access Processes and Policies – Access Policy.
res mechanica’s internal data access processes and policies are designed to prevent unauthorized persons or systems from getting access to systems used to process personal data. res mechanica only provides access to a limited number of authorized personnel. SSH certificates are used to provide secure access mechanisms. res mechanica requires the use of unique IDs, strong passwords and two factor authentication. Granting of access is guided by an internal policy. Access to systems is logged to provide an audit trail for accountability.

Data storage, isolation and logging.

res mechanica stores data in a combination of dedicated and multi-tenant environments. The data is replicated on multiple redundant systems. res mechanica may also logically isolate the Subscriber’s data. Subscriber may enable data sharing, should the Services functionality allow it.

Decommissioned disks and disk erase policy.

Disks used in servers might experience hardware failures, performance issues or errors that lead to their decommission. All decommissioned disks are securely erased if intended for reuse, or securely destroyed due to malfunction.

Personnel security

res mechanica personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.

Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, res mechanica’s confidentiality, privacy and acceptable use policies. All personnel are provided with security training upon employment and then regularly afterwards. res mechanica’s personnel will not process Subscriber Data without authorization.