This Security Policy outlines the measures and procedures put in place by TNG Technology Consulting GmbH (“TNG”) to ensure the security of data processed by our Server/Data Center and Cloud apps as well as of the Server/Data Center and Cloud apps themselves. We take security seriously and are committed to protecting our Server/Data Center and Cloud apps from security threats.

...

  • All of our Cloud apps are written using Atlassian Forge.

  • In particular, they are hosted by Atlassian and keep all data in Atlassian’s infrastructure. Therefore, all data stored and processed by these apps remains in Atlassian’s infrastructure.

  • Apps for Server and Data Center are installed directly in the End User’s Atlassian system. Therefore, all data stored and processed by these apps remains in the End User’s infrastructure.

  • In principle, our apps do not transmit any data to us or any other external third-party system. If transmissions to external systems are a functional part of the app, they happen transparently, encrypted in transit and under the customer’s control.

  • You can find more information about this in our Privacy Policy.

Data resilience

  • As all data of our Cloud apps is stored within Atlassian’s infrastructure, we rely on Atlassian’s backup and recovery mechanisms.

  • As all data of our apps for Server and Data Center is stored within the End User’s infrastructure, we rely on the End User’s backup and recovery mechanisms.

API key management

  • Any third-party API keys provided by the End User will remain in the apps and will only be used for the agreed use in the apps.

Internal security measures

  • We have laid down an internal security policy and implemented response protocols to respond to security incidents promptly and effectively.

  • All employees have committed themselves to confidentiality, in particular regarding personal data.

  • Knowledge of data protection regulations is maintained with yearly briefings.

  • We make use of single sign-on (SSO) and multi-factor authentication (MFA) with hardware tokens for all personalized accounts.

  • All personalized accounts have individual passwords that must fulfill current recommendations for secure passwords.

  • Our workstations are individually assigned and not shared between employees.

  • Data on hard drives of all workstations is fully encrypted.

  • Security patches are installed regularly.

  • All employees are ordered to lock their workstations when absent.

  • Access is granted by roles. We follow a “need to know” principle and only grant access to information if it is absolutely required for an employee to conduct their official duties.

  • When developing our Cloud apps, we strictly separate development, staging, and production environments.