Today, 28 January, is International Data Protection Day. This is a good moment to pause and reflect on the careful handling of personal data and information security within your organisation.
Centix is ISO 27001 certified. This demonstrates that we take the privacy and security of your data seriously. While we fulfil our responsibilities, it is also necessary for you to take measures to protect your data and that of your customers. The data that you process in Centix is your property and not that of Centix.
To mark International Data Protection Day, we are sharing a number of practical tips below to support you in safeguarding privacy and data within your Centix environment.
Do you allow third parties to log in to your Centix Online environment?
Customer data is a valuable asset that must be managed with care. When you grant third parties, such as customers or partners, access to your Centix environment, it is important to make clear agreements about this within your organisation.
Document agreements
Ensure that recorded data is managed carefully in accordance with the guidelines of the General Data Protection Regulation (GDPR). It is important to apply clear criteria when determining which information is and is not recorded in Centix. Document which data is processed and ensure that you can explain why this processing is necessary. You can include this information in your privacy statement or disclaimer.
The data recorded in Centix is not the property of Centix, but belongs entirely to the organisations that use our software. When you, as a Centix customer, enter into your own customer relationships, it is essential to make clear agreements about the ownership of this data and to record these agreements. This is particularly important when customers are able to enter data themselves, such as creating or moving objects or adding documents. Agreements regarding the processing of customer data should be set out in a data processing agreement.
Make agreements in advance about the termination of the collaboration
A customer relationship may come to an end. It is therefore important to make clear agreements in advance about how the termination of a collaboration will be handled. This helps to prevent uncertainty and potential conflicts. Such agreements provide clarity and transparency regarding the procedures to be followed, responsibilities, and any consequences associated with ending the collaboration. Among other things, agree with the parties involved on which data will be retained and how long this data will be stored in the Centix database.
Centix is ISO certified
At Centix, ISO certification means that we work in a structured manner to safeguard both the quality and security of our processes. We have been doing this for many years. Centix Security Officer Wilbur is involved on a daily basis with ISO 27001 certification: “ISO 27001 focuses on information security. Because we are certified, our customers can expect their data to be secure with us.”
How do you manage data access?
Centix offers the possibility to grant users access to your environment. This may include your own employees who carry out work in Centix, as well as customers whose data is recorded in your system. To prevent privacy issues, it is essential to manage access to data carefully.
Provide each user with their own login details
Ensure that each user has individual login credentials, including customers. Sharing accounts carries risks, such as a lack of insight into who has access to the system, from where, and when. This can lead to unrestricted access to data belonging to other customers or locations, which may compromise the privacy and integrity of the data.
Centix has a licensing structure that makes account sharing unnecessary. At Centix, you do not pay per created account, but based on the number of users who are allowed to make changes while logged in at the same time. This means you can create an unlimited number of user accounts.
Set clear guidelines for user access rights
It is important that users only have access to the functions and data that are relevant to their work. Within Centix, you can set data restrictions, allowing access to data to be limited based on roles, individuals, business units, or teams.
Centix offers the option to use standard system roles with associated restrictions. In addition, you can customise these roles or create your own system roles with specific rights. For example, the standard roles often have the option to delete enabled by default, but this setting can easily be adjusted by the administrator.
This gives the administrator team within Centix the flexibility to align access rights precisely with the organisation’s specific needs and privacy requirements.
Never share passwords
When creating or granting a user account, it is essential to ensure security. Instead of sharing a password, Centix offers the option to send an account activation link. An alternative is to set a temporarily generated password. In that case, you provide only the username and supply the user with a link to the password reset functionality.
Within Centix, you can require users to use strong passwords. The administrator can configure these settings via the Admin panel (System Tasks > User System Settings). Here, you can configure, among other things:
- the use of uppercase letters and/or numbers;
- the minimum number of characters for a password;
- the automatic locking of an account after a specified number of failed login attempts.
These measures significantly reduce the risk of unauthorised access to your Centix environment.
If possible, use centrally maintained accounts (via SSO)
We regularly observe that user access rights are not revoked in a timely manner when a Centix user leaves. To prevent this, Centix recommends using Single Sign-On (SSO) internally. This is an authentication process that allows users to access multiple applications and systems within a network using a single set of login credentials.
In addition to improving user convenience, SSO reduces the risk of password loss or misuse. Because access rights are managed centrally, Single Sign-On provides a higher level of security.
SSO is available as a standard feature within Centix. When your Centix environment is connected to your SSO provider, you only need to make the change there when an employee leaves the organisation. Access to Centix is then automatically revoked.
Remove access rights and data upon termination of employment or the end of a customer relationship
There are times when an employee leaves employment or the customer relationship is terminated. In such cases, individuals have the right to be ‘forgotten’. To accomplish this, follow these steps:
- Block users who should no longer have access.
- If deletion is not possible, anonymise the data (partially) where necessary, for example in the case of an inspector’s records.
- If it involves the departure of the Centix main contact person, it is important to report the departure to Centix and provide information about the new Centix contact person.
Perform regular access checks
It is recommended to conduct regular reviews of user session logs. These logs offer insight into login activity, enabling you to track who accessed the system and when. Conduct these checks at a fixed interval, for example monthly, so that you can promptly identify any unauthorised users and take appropriate action.