PFA
- Former user (Deleted)
Contactperson | Requirement | Solution | Internal due date | Internal expert | Answer | Status | Awarded | Feedback |
|---|---|---|---|---|---|---|---|---|
| Functional and technical requirements | TM | Jun 13, 2022 |
|
| Done |
|
|
@Former user (Deleted) | Data encryption | TM | ASAP, as it is an additional question based on our offer | @Hein van Schaik | Question: In your proposal, you write about encryption, that documents are encrypted at rest, but not data. Can you state what type of data may be "left" unencrypted? Answer: Data is not ‘left’ unencrypted. See for more details the answers below.
Question: Is it e.g. login information, username, email addresses of PFA employees and suppliers, etc.? Is it also information given in connection with a tender, and is it also information posted by PFA to the suppliers - e.g. requirements specifications? Answer: With regards to this question it is important to distinguish between documents/attachments and data being entered into the platform. Documents are stored in Azure Blob Storage which uses Azure Storage Service Encryption (SSE). This feature automatically encrypt data before it is stored, and it automatically decrypts the data when you retrieve it. The process is completely transparent to users. Storage Service Encryption uses 256-bit Advanced Encryption Standard (AES) encryption, which is one of the strongest block ciphers available. AES handles encryption, decryption, and key management transparently. Question: If data is unencrypted to remain, will either AWS, Microsoft or Atlassian be able to access this data unencrypted? Answer: The mentioned parties are not able to access this data. As described above the virtual hard drives are encrypted. We unintentionally might have given the impression that there is no encryption applied to data. This is not the case as mentioned above. The type of encryption is only different from documents. | Done |
|
|