Technical and Organizational Security Measures

Stakater Cloud meets the specific requirements of data protection, including, without limitation, Article 28 of the General Data Protection Regulation (GDPR) and the requirements listed as SOC 2 Type 2 (Security & Confidentiality).

At a minimum, Stakater has implemented the following technical and organizational measures for Stakater Cloud and maintains the following security practices within the production environments:

Confidentiality of processing systems

Identity and Access Management

  • Role-based access controls are enforced using predefined security groups to segregate and manage data access to production systems.
  • Administrative access to production systems is restricted to authorized personnel and granted solely based on their job roles and responsibilities.

Audit Assurance: Compliance, Governance and Risk Management

  • Stakater conducts annual security operational risk assessments for production applications and services. The findings are documented in a risk register, with identified risks prioritized for treatment based on their severity.
  • Stakater evaluates the security of third-party vendors through a vendor security review, specifically focusing on vendors that store, process, or transmit Stakater and/or customer data.
  • Stakater implements risk-based continuous control monitoring by performing control testing throughout the year using a structured methodology. Testing results are documented, reviewed by management, and accompanied by remediation plans for any identified issues.
  • Controlled documents undergo annual review and approval by management, with updates communicated to relevant employees to ensure alignment and compliance.

Human Resources

  • Stakater team members complete security awareness training upon hire and annually thereafter. The training includes relevant Stakater security policies, instructions for reporting security incidents and general industry security best practices.
  • Stakater new hires are required to pass a background check as a condition of their employment.

Integrity of processing systems

Application & Infrastructure Security

  • Infrastructure and configuration management tools are employed to implement security hardening and establish standardized baseline configurations for production servers.
  • Network traffic originating from or directed to untrusted networks is routed through a policy enforcement point, with firewall rules configured to block unauthorized access effectively.
  • A centralized issue tracking system is utilized to manage, monitor, and document application and infrastructure changes throughout their lifecycle, from development to implementation.

Threat and Vulnerability Management

  • Stakater conducts regular vulnerability scans on the production environment to identify threats, assess their impact, and remediate findings based on severity.
  • Continuous monitoring tools track security events, system latency, network performance, and physical server health in real time.
  • Incident response procedures define steps for managing security events, including recovery and post-incident analysis to improve effectiveness.

Availability of processing systems

Resilience

  • A business continuity plan is established to provide clear procedures for protecting operations against disruptions caused by unexpected events, with annual tabletop exercises conducted to validate its effectiveness.
  • Enterprise monitoring tools are configured to track system capacity levels and promptly alert operations personnel when predefined thresholds are reached, ensuring proactive management of resources.

Additional Considerations

  • Stakater Cloud is designed to enable customers to delete their data when it is no longer needed.
  • Digital Realty and OpenMetal are responsible for implementing controls to manage both physical access to servers and supporting infrastructure that host Stakater Cloud.
  • Customers can choose to implement technical and organizational measures to safeguard their own (Red) data.