We work diligently to ensure your data security
The threat landscape for digital systems is constantly evolving, and therefore, our security efforts must keep pace. That's why it's a natural part of our development process, from designing functionality to implementing it. Data security is an area where we continuously strive to improve.
We cannot reveal all the details of our safety measures for security reasons, but here are some examples to help you feel confident using Mediaflow as a platform.
- Confidentiality agreements cover all of our employees.
- Staff members can only access the systems and functions required for their job duties.
- Only a few individuals in operations and technical support have access to your stored data; other support staff only access your data when you have approved it during a support issue.
- All customer data is completely separated from testing and development environments, and your data is never used for system development and testing.
- All files and data are stored on encrypted disks.
- Servers and storage are operated in data centres in Sweden, with the highest security classification (MSB protection class 3).
- All access to the system is logged to identify unauthorized access or usage.
- Security audits and pen tests (planned attacks on the system to discover weaknesses) are conducted with external experts.
- All communication takes place over encrypted connections using TLS via HTTPS; plugins, integrations, apps, and streaming communicate with the same level of encryption as the primary system.
- Only content the customer has explicitly chosen to share is exposed for public access, such as images on public web pages.
- All services are operated in secure data centres on servers with full redundancy (at least two independently operating servers).
- Redundant (at least two independently operating) power and network connections. In case of disruption, the connection switches to a working one.
- Daily backups are made for files and several times a day for data. Backups are stored in a geographically separate location from the operational environment.
- Streaming traffic is primarily from our streaming servers in Uppsala and Gothenburg, with redundant distribution via our partner Global Connect (a Swedish company based in Sweden).
Data protection and GDPR
Mediaflow actively works with GDPR issues and data security. This applies to the data we handle as a company and our services.
We are adamant about meeting the data protection requirements of our customers, both in the public sector and for commercial customers with critical e-commerce flows, and so on.