2022 Q4

Jogi dokumentumok

Egyéb jogi dokumentumok

2022 Q4

TARTALOMJEGYZÉK

Text Link

Audit date: 20 December 2022

Category	Activity	Scope	Status of the internal audit
Product Development Environment	Product Team Workstations	Updated Virus Protection Full Disk Encrytion No unauthorized access	Product Team Workstations We have validated the notebooks of all of our 21 product team members.
Source Code Management System	Login access is restricted only to authorized persons Only minimal permissions are granted No unauthorized access	Bitbucket Cloud - META-INF Source code management and Build system to store and build the code of our applications. Permissions Admin : Can create, delete repositories and modify repository settings. Write : Can push and merge source code modifications and trigger manual build pipelines. Read : Can pull source code, read build logs and pull requests. Repository1 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 1 Support Agent 1 CEO Repository2 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 1 Support Agent 1 CEO Repository3 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 1 Support Agent 1 CEO Repository4 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 1 Support Agent 1 CEO Repository5 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 1 Support Agent 1 CEO Repository6 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 1 Support Agent 1 CEO Repository7 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 1 Support Agent 1 CEO Repository8 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 9 Software Developer ( 2 Contractor ) 2 Test Engineer 1 Support Agent 1 Technical Account 1 CEO Read 1 Software Developer ( 1 Contractor ) Repository9 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 9 Software Developer ( 2 Contractor ) 2 Test Engineer 1 Support Agent 1 Technical Account 1 CEO Repository10 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 2 Test Engineer 1 Support Agent 1 Technical Account 1 CEO Repository11 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 2 Test Engineer 1 Support Agent 1 Technical Account 1 CEO Repository12 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 2 Test Engineer 1 Support Agent 1 Technical Account 1 CEO Repository13 Admin 1 DevOps Engineer 1 Software Developer 2 Product Owner Write 7 Software Developer 2 Test Engineer 1 Support Agent 1 CEO
Artifact Management System	Login access is restricted only to authorized persons Only minimal permissions are granted No unauthorized access	Jfrog Artifactory Artifact management system to store the build logs and artifacts of your application. Permissions Admin : Can create, delete repositories and modify repository settings. Write : Can upload, delete, overwrite (in snapshot repositories) artifacts. Read : Can list, download artifacts. Repository1 Admin 1 DevOps Engineer Write 1 Technical Account Read 8 Software Developer 2 Test Engineer 1 Product Owner Repository2 Admin 1 DevOps Engineer Write 1 Technical Account Read 8 Software Developer 2 Test Engineer 1 Product Owner

Product Team Workstations

We have validated the notebooks of all of our 21 product team members.

Source Code Management System

Login access is restricted only to authorized persons
Only minimal permissions are granted
No unauthorized access

Bitbucket Cloud - META-INF

Source code management and Build system to store and build the code of our applications.

Permissions

Admin : Can create, delete repositories and modify repository settings.
Write : Can push and merge source code modifications and trigger manual build pipelines.
Read : Can pull source code, read build logs and pull requests.

Repository1

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
1 Support Agent
1 CEO

Repository2

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
1 Support Agent
1 CEO

Repository3

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
1 Support Agent
1 CEO

Repository4

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
1 Support Agent
1 CEO

Repository5

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
1 Support Agent
1 CEO

Repository6

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
1 Support Agent
1 CEO

Repository7

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
1 Support Agent
1 CEO

Repository8

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
9 Software Developer ( 2 Contractor )
2 Test Engineer
1 Support Agent
1 Technical Account
1 CEO
Read
1 Software Developer ( 1 Contractor )

Repository9

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
9 Software Developer ( 2 Contractor )
2 Test Engineer
1 Support Agent
1 Technical Account
1 CEO

Repository10

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
2 Test Engineer
1 Support Agent
1 Technical Account
1 CEO

Repository11

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
2 Test Engineer
1 Support Agent
1 Technical Account
1 CEO

Repository12

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
2 Test Engineer
1 Support Agent
1 Technical Account
1 CEO

Repository13

Admin
1 DevOps Engineer
1 Software Developer
2 Product Owner
Write
7 Software Developer
2 Test Engineer
1 Support Agent
1 CEO

Artifact Management System

Login access is restricted only to authorized persons
Only minimal permissions are granted
No unauthorized access

Jfrog Artifactory

Artifact management system to store the build logs and artifacts of your application.

Permissions

Admin : Can create, delete repositories and modify repository settings.
Write : Can upload, delete, overwrite (in snapshot repositories) artifacts.
Read : Can list, download artifacts.

Repository1

Admin
1 DevOps Engineer
Write
1 Technical Account
Read
8 Software Developer
2 Test Engineer
1 Product Owner

Repository2

Admin
1 DevOps Engineer
Write
1 Technical Account
Read
8 Software Developer
2 Test Engineer
1 Product Owner

Staging Environment

AWS Staging Environment

Cloud Console access is restricted only to authorized persons
SSH access is protected by keys and MFA
Database access is possible only from the internal network
Kubernetes access is possible only from the internal network
Only minimal permissions are granted
No unauthorized access

AWS Stage

Separated AWS Account for the Stage resources.

Permissions

StageAdmins : Can list, create, delete, modify AWS resources.
StageContainerImageAdmins : Can list, create, delete, modify (in snapshot repositories) Docker images.
StageContainerImageReaders : Can list Docker images.
StageDeployers : an list, create, delete, modify Kubernetes resources and list Docker images.
InfraBackup : Can list, create, delete, modify items in the Backup S3 Bucket.
StageEticmaTechUsers : Can list, create, delete, modify ETICMA app related resources w/o MFA.
StageEticmaUsers : Can list, create, delete, modify ETICMA app related resources.

StageAdmins
1 DevOps Engineer
2 Infrastructure Engineer ( 2 Contractor )
1 Software Developer
StageContainerImageAdmins
1 Technical Account
StageContainerImageReaders
1 Technical Account
StageDeployers
3 Software Developer
InfraBackup
1 Technical Account
StageEticmaTechUsers
1 Technical Account
StageEticmaUsers
3 Software Developer
1 Test Engineer

AWS Stage Bastion

EC2 instance to access the Stage internal network and databases.

Permissions

Root : Can administer Linux OS.
User : Can log in and access the internal network of the Staging environment.

Root
1 DevOps Engineer
2 Infrastructure Engineer ( 2 Contractor )
User
4 Software Developer
1 Technical Account

Production Environment

AWS Production Environment

Cloud Console access is restricted only to authorized persons
SSH access is protected by keys and MFA
Database access is possible only from the internal network
Kubernetes access is possible only from the internal network
Only minimal permissions are granted
No unauthorized access

AWS Prod

Separated AWS Account for the Prod resources.

Permissions

Admins : Can list, create, delete, modify AWS resources.
BillingAdmins : Can view billing details, costs, invoices.
ContainerImageAdmins : Can list, create, delete, modify Docker images.
Deployers : an list, create, delete, modify Kubernetes resources and list Docker images.

Admins
1 DevOps Engineer
2 Infrastructure Engineer ( 2 Contractor )
1 Software Developer
BillingAdmins
1 DevOps Engineer
ContainerImageAdmins
1 Technical Account
Deployers
3 Software Developer

AWS Prod Bastion

EC2 instance to access the Prod internal network and databases.

Permissions

Root : Can administer Linux OS.
User : Can log in and access the internal network of the Production environment.

Root
1 DevOps Engineer
2 Infrastructure Engineer ( 2 Contractor )
1 Software Developer
User
3 Software Developer
1 Technical Account

Log Analysis and Monitoring

Datadog Loggin and Monitoring System

Login access is restricted only to authorized persons
Only minimal permissions are granted
No unauthorized access

Datadog

Log management and monitoring tool for our staging and production applications.

Permissions

Admin : Can administer all resources. Can not delete logs.
Write : Can read, create, delete, modify monitors, dashboards. Can read logs.
Read : Can read monitors, dashboards, logs.

Admin
1 DevOps Engineer
1 Infrastructure Engineer ( 1 Contractor )
1 Software Developer
1 Product Owner
1 Technical Account
Write
1 Software Developer
1 Atlassian Consultant
Read
1 Infrastructure Engineer ( 1 Contractor )
6 Software Developer
2 Test Engineer
3 Support Agent
1 Product Owner
1 CEO