Information Security

BSFOM GmbH applies established technical and organizational measures to protect systems and data.
The following overview describes implemented practices and operational principles.

Organization & Personnel

  • Software development, operations, and support are performed in-house in Austria.
  • All team members have long-standing professional experience in security-critical and safety-sensitive environments.
  • Team access to systems follows the principle of least privilege.
  • Personnel reliability is supported by long-term collaboration and background checks.

Development & Deployment

  • Software is developed and maintained internally.
  • Deployments to production systems are performed manually.
  • Manual deployment procedures are used to reduce operational risk and ensure traceability.

Hosting & Infrastructure

  • Systems are hosted on dedicated servers operated by a European data center provider.
  • Server environments are exclusively controlled by BSFOM GmbH.
  • Infrastructure is operated in accordance with European data protection requirements.

Data Protection & Backups

  • Encrypted backups are created daily.
  • Backups are stored off-site in a separate European data center.
  • Backup and restore procedures are documented and controlled.

Monitoring & Availability

  • Systems are monitored continuously for availability and operational anomalies.
  • Monitoring supports early detection of potential incidents.

User Account Security

  • User account security is implemented according to current industry practices.
  • Multi-factor authentication (MFA) is available for security-relevant functions.
  • Role-based access control with differentiated privilege levels is applied.
  • Customers have access to basic account security monitoring, including checks for compromised credentials.

Maintenance Access & Change Logging

  • Maintenance and operational access to production systems is strictly regulated.
  • All maintenance activities are logged.
  • Customer-side supervisor and administrator actions are recorded in transparent change logs, comparable to an audit trail.

System Architecture

  • System architecture is designed to minimize external dependencies.
  • Reduced external interfaces are used to limit potential attack surfaces.

Hosting Provider Measures (Dedicated Servers)

  • Physical access controls, surveillance, and access logging at data center facilities.
  • Redundant power supply, cooling, and environmental monitoring.
  • Network-level firewall protection configurable by the customer.
  • Logical isolation of server environments.
  • Secure data deletion and hardware wiping prior to reuse or decommissioning.
  • Defined organizational and authorization policies for provider personnel.