These are questions often asked by boards, managers and educators who want to start using ChildDiary.


The most frequently asked questions:


General Data Protection Regulation


  • Can I comply with the General Data Protection Regulation by using ChildDiary?

          A: Yes. This is one of the reasons why a large number of institutions have started using ChildDiary.



  • Where can I see your Privacy Policy and Terms of Use?

          A: Here are our Privacy Policy and Terms of Use.


Logical access


  • What are the criteria for constructing passwords, and how do you manage authentication credentials on the portal?

          A: All our passwords must meet certain requirements: at least 6 characters, including a digit, an upper-case letter and a lower-case letter.




  • Do accesses have a time-out mechanism?

          A: Yes, combined with sliding-window expiration.
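As an added illustration (not ChildDiary's code) of how an access time-out combined with sliding-window expiration behaves, the session store below renews the idle deadline on every authenticated request and times the session out once it has sat idle for the whole window. The idle window, the session values and the absolute lifetime cap are constructed; the absolute cap in particular is an assumption, since the page only mentions the sliding window.

```python
"""Sliding-window session expiration: each authenticated request extends the
session's expiry, and a session idle for longer than the window times out.

Added illustration, not ChildDiary's code. IDLE_WINDOW and ABSOLUTE_LIFETIME
are constructed values; the absolute cap is an assumption not stated on the
page (without it, a continuously active session would never expire)."""
from dataclasses import dataclass

IDLE_WINDOW = 20 * 60         # seconds of inactivity before time-out (constructed)
ABSOLUTE_LIFETIME = 8 * 3600  # hard cap on total session age (assumption)


@dataclass
class Session:
    user: str
    created_at: float   # when the session was issued
    expires_at: float   # sliding deadline, moved forward on activity


class SessionStore:
    def __init__(self, idle_window=IDLE_WINDOW, absolute_lifetime=ABSOLUTE_LIFETIME):
        self.idle_window = idle_window
        self.absolute_lifetime = absolute_lifetime
        self._sessions = {}

    def create(self, session_id, user, now):
        """Issue a session at time `now` with the first idle deadline."""
        self._sessions[session_id] = Session(user, now, now + self.idle_window)

    def touch(self, session_id, now):
        """Validate a request at time `now`. Returns the user and slides the
        expiry forward if the session is live; returns None and drops the
        session if the idle window or the absolute lifetime has been exceeded."""
        s = self._sessions.get(session_id)
        if s is None:
            return None
        if now >= s.expires_at or now - s.created_at >= self.absolute_lifetime:
            del self._sessions[session_id]   # timed out: force re-authentication
            return None
        # Sliding window: activity renews the idle deadline, never past the hard cap.
        s.expires_at = min(now + self.idle_window, s.created_at + self.absolute_lifetime)
        return s.user

    def live_count(self):
        """Number of sessions not yet expired by a failed touch()."""
        return len(self._sessions)
```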



  • Do any external entities have access to the data entered into the platform?

          A: No. We share data only with the entities necessary for the proper functioning of the platform; at the moment these are Microsoft Azure (data hosting and infrastructure) and Amazon Simple Email Service (sending email notifications).




  • Are privileged platform administration accesses monitored and reviewed periodically?

          A: Yes.


Vulnerability Management


  • Is the platform subject to periodic vulnerability testing and patching?

          A: We use Microsoft Azure "managed" services, which guarantee that patching is done regularly and without impact on our users.



  • Do you have DoS controls in place?

          A: Yes. It is part of Microsoft's core App Service offering (https://docs.microsoft.com/en-us/azure/app-service/app-service-security) and was one of the reasons we chose Microsoft as our technology partner.


Encryption


  • What encryption mechanism is used for communications with the platform?

          A: We use HTTPS with an SSL/TLS certificate.



  • Is the data entered into the database encrypted? If so, what algorithm is used?

          A: Yes, all data is encrypted. We use Transparent Data Encryption for Azure SQL (https://docs.microsoft.com/en-us/azure/sql-database/transparent-data-encryption-azure-sq), and passwords have a second level of encryption.



  • Are encryption mechanisms implemented for data in transit and at rest?

          A: Yes, see the answers above.


Backups


  • Has a backup policy been defined for the data entered into the platform?

          A: Yes. You can find more details at https://docs.microsoft.com/en-us/azure/sql-database/sql-database-automated-backups



  • Are the backups periodically tested?

          A: We trust Microsoft and their backup infrastructure. We have had to restore from a backup using point-in-time restore.