2021 Q4 Data Processing Addendum assessment

Audit date: 14 January 2022

Category Activity Scope Status of the internal audit
Product Development Environment Product Team Workstations
  • Updated Virus Protection
  • Full Disk Encrytion
  • No unauthorized access

Product Team Workstations

We have validated the notebooks of all of our 17 product team members.
Source Code Management System
  • Login access is restricted only to authorized persons
  • Only minimal permissions are granted
  • No unauthorized access

Bitbucket Cloud - META-INF

Source code management and Build system to store and build the code of our applications.

Permissions

  • Admin : Can create, delete repositories and modify repository settings.
  • Write : Can push and merge source code modifications and trigger manual build pipelines.
  • Read : Can pull source code, read build logs and pull requests.

Repository1

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    7 Software Developer
    1 CEO

Repository2

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    7 Software Developer
    1 CEO

Repository3

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    7 Software Developer
    1 CEO

Repository4

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    7 Software Developer
    1 CEO

Repository5

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    7 Software Developer
    1 CEO

Repository6

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    7 Software Developer
    1 CEO

Repository7

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    7 Software Developer
    1 CEO

Repository8

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    1 DevOps Engineer
    7 Software Developer
    2 Test Engineer
    1 Technical Account
    1 CEO

Repository9

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    1 DevOps Engineer
    7 Software Developer
    2 Test Engineer
    1 CEO

Repository10

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    1 DevOps Engineer
    7 Software Developer
    2 Test Engineer
    1 CEO

Repository11

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    1 DevOps Engineer
    7 Software Developer
    2 Test Engineer
    1 CEO

Repository12

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    1 DevOps Engineer
    11 Software Developer ( 4 Contractor )
    2 Test Engineer
    1 CEO

Repository13

  • Admin
    1 DevOps Engineer
    2 Product Owner
  • Write
    1 DevOps Engineer
    7 Software Developer
    2 Test Engineer
    1 CEO
Artifact Management System
  • Login access is restricted only to authorized persons
  • Only minimal permissions are granted
  • No unauthorized access

Jfrog Artifactory

Artifact management system to store the build logs and artifacts of your application.

Permissions

  • Admin : Can create, delete repositories and modify repository settings.
  • Write : Can upload, delete, overwrite (in snapshot repositories) artifacts.
  • Read : Can list, download artifacts.

Repository1

  • Admin
    1 DevOps Engineer
  • Write
    1 Technical Account
  • Read
    1 DevOps Engineer
    7 Software Developer
    2 Test Engineer
    1 Product Owner

Repository2

  • Admin
    1 DevOps Engineer
  • Write
    1 Technical Account
  • Read
    1 DevOps Engineer
    7 Software Developer
    2 Test Engineer
    1 Product Owner
Staging Environment AWS Staging Environment
  • Cloud Console access is restricted only to authorized persons
  • SSH access is protected by keys and MFA
  • Database access is possible only from the internal network
  • Kubernetes access is possible only from the internal network
  • Only minimal permissions are granted
  • No unauthorized access

AWS Stage

Separated AWS Account for the Stage resources.

Permissions

  • StageAdmins : Can list, create, delete, modify AWS resources.
  • StageContainerImageAdmins : Can list, create, delete, modify (in snapshot repositories) Docker images.
  • StageContainerImageReaders : Can list Docker images.
  • StageDeployers : an list, create, delete, modify Kubernetes resources and list Docker images.
  • InfraBackup : Can list, create, delete, modify items in the Backup S3 Bucket.
  • StageEticmaTechUsers : Can list, create, delete, modify ETICMA app related resources w/o MFA.
  • StageEticmaUsers : Can list, create, delete, modify ETICMA app related resources.
  • StageAdmins
    2 DevOps Engineer
    3 Infrastructure Engineer ( 3 Contractor )
    1 Software Developer
  • StageContainerImageAdmins
    1 Technical Account
  • StageContainerImageReaders
    1 Technical Account
  • StageDeployers
    2 Software Developer
  • InfraBackup
    1 Technical Account
  • StageEticmaTechUsers
    1 Technical Account
  • StageEticmaUsers
    3 Software Developer ( 3 Contractor )
    2 Test Engineer
    1 Product Owner

AWS Stage Bastion

EC2 instance to access the Stage internal network and databases.

Permissions

  • Root : Can administer Linux OS.
  • User : Can log in and access the internal network of the Staging environment.
  • Root
    1 DevOps Engineer
    2 Infrastructure Engineer ( 2 Contractor )
  • User
    1 Infrastructure Engineer ( 1 Contractor )
    3 Software Developer
    1 Technical Account
Production Environment AWS Production Environment
  • Cloud Console access is restricted only to authorized persons
  • SSH access is protected by keys and MFA
  • Database access is possible only from the internal network
  • Kubernetes access is possible only from the internal network
  • Only minimal permissions are granted
  • No unauthorized access

AWS Prod

Separated AWS Account for the Prod resources.

Permissions

  • Admins : Can list, create, delete, modify AWS resources.
  • BillingAdmins : Can view billing details, costs, invoices.
  • ContainerImageAdmins : Can list, create, delete, modify Docker images.
  • Deployers : an list, create, delete, modify Kubernetes resources and list Docker images.
  • Admins
    1 DevOps Engineer
    2 Infrastructure Engineer ( 2 Contractor )
    1 Software Developer
  • BillingAdmins
    1 DevOps Engineer
  • ContainerImageAdmins
    1 Technical Account
  • Deployers
    2 Software Developer

AWS Prod Bastion

EC2 instance to access the Prod internal network and databases.

Permissions

  • Root : Can administer Linux OS.
  • User : Can log in and access the internal network of the Production environment.
  • Root
    1 DevOps Engineer
    2 Infrastructure Engineer ( 2 Contractor )
  • User
    3 Software Developer
    1 Technical Account
Log Analysis and Monitoring Datadog Loggin and Monitoring System
  • Login access is restricted only to authorized persons
  • Only minimal permissions are granted
  • No unauthorized access

Datadog

Log management and monitoring tool for our staging and production applications.

Permissions

  • Admin : Can administer all resources. Can not delete logs.
  • Write : Can read, create, delete, modify monitors, dashboards. Can read logs.
  • Read : Can read monitors, dashboards, logs.
  • Admin
    1 DevOps Engineer
    1 Software Developer
    1 Technical Account
  • Write
    1 DevOps Engineer
    1 Software Developer
  • Read
    2 Infrastructure Engineer ( 2 Contractor )
    5 Software Developer
    2 Test Engineer
    3 Support Agent
    2 Product Owner
    1 CEO

Cookies are used to make this website work and to enhance your experience. To learn more, see our Cookie Policy. You can provide consent by clicking the "I Consent" button or by canceling this cookie notice.

Close
Your cookie preferences have been saved