Access Controls

Access controls define how to limit access to a system or any other virtual resources in the company. The below table contains a list of points concerning access controls in XTRF Management Systems Ltd.

Topic

Description

Topic

Description

UNIQUE USER IDS

All XTRF Management Systems Ltd. employees have unique user IDs with certain user rights regarding access to office space, data, systems. The employees are not allowed to share user's IDs. Moreover,  there are no generic users IDs.

TRACKING USER IDS

Internal system events are logged by a unique user ID.

PROTECTING CLIENT-SENSITIVE INFORMATION

Protection of all client data is a key responsibility and obligation of XTRF Management Systems Ltd. All client information is kept securely. For more details go to the Security Policy article.

PERSONAL ACCOUNTS MANAGEMENT

In XTRF Management Systems Ltd.  the Office Managers are in charge of managing personal accounts in case of any changes. The internal procedure requires to inform the XTRF Administration Specialist about that: a written application is delivered with information how to manage the account - set up, delete or modify it.

PRIVILEGED AND ADMINISTRATIVE ACCOUNTS

In XTRF there are privileged and administrative accounts limited to the XTRF Administration personnel.

AUDITING PRIVILEGED ACTIVITY

All privileged actions on systems which process sensitive information are logged in the event log.

STORING THE APPLICATION EVENT LOGS

Application event logs, which capture users' activity, identify sources of security events and record violations, are stored within the standard Linux logging mechanisms.

RETENTION PERIOD FOR APPLICATION AND SYSTEM LOGS
  • XTRF Language Business Platform installed on your local machine: Log rotation policy is fully controlled by the client.

  • XTRF Language Business Platform as Software as a Service (SaaS):  The 90 days rotation policy is provided.

PRODUCTION DATA STORAGE

Production data is always stored in the production environments. Bear in mind that the production data is never stored or use in any of the non-production environments, for example test environment, development environment, staging site.

Bug fixing: If the bug cannot be reproduced outside the production environment, the production environment may be accessed by a trained XTRF Support Team. In that case, the XTRF Support Team access is fully controlled by a client.