Ensuring privacy and security in your Centix environment

Ensuring privacy and security in Centix.

Centix is ISO 27001 certified, demonstrating our commitment to taking the privacy and security of your data seriously. While we fulfil our responsibilities, it is also essential for you to take measures to protect both your data and that of your customers. After all, the data processed in Centix is your property, not Centix’s. In celebration of International Privacy Day on Sunday, January 28, we offer some valuable tips to assist you in safeguarding your privacy and data.

Do you permit third parties to access your Centix Online environment?

Managing customer data is a crucial task that requires careful consideration and explicit agreement. How do you address this matter?

Document agreements

Ensure meticulous management of captured data in accordance with the guidelines outlined in the General Data Protection Regulation (GDPR). It is important to apply strict criteria when determining the information captured in Centix. Record the processed data and provide clear explanations for the necessity of such processing. This information should be incorporated into your privacy statement or disclaimer.

It is crucial to emphasise that the data captured in Centix is not owned by Centix; instead, it is fully owned by the organisations utilising our software. If you, as a Centix customer, initiate your own customer relationships, it is essential to establish explicit agreements regarding data ownership and document them accordingly. This becomes particularly important when customers have the ability to input data, such as creating and managing their objects or adding documents. You can formalise these agreements concerning the processing of customer data in a processing agreement.

Agree in advance on how to handle the conclusion of a collaboration

It is not uncommon for a customer relationship to come to an end. Therefore, it is crucial to establish agreements beforehand regarding the conclusion of a collaboration. This proactive approach helps prevent potential ambiguities and conflicts. These agreements contribute to clarity and transparency regarding the procedures to be followed, responsibilities, and possible consequences in the event of a partnership ending. One important aspect is to determine, in consultation with all involved parties, the duration for which data will be retained and specify which data will be preserved in the Centix database.

ISO 27001 Centix

Centix is ISO certified

At Centix, ISO certification is a commitment to ensuring the quality and safety of our processes. We have been doing that for years. Wilbur, Centix’s Security Officer, oversees ISO 27001 on a daily basis, focusing on information security. He emphasises, “This certification signifies our dedication to safeguarding customer data, assuring our clients that their information is in safe hands.”

How do you manage data access?

Centix offers the option of having users log into your environment. This can include both your own staff, who need to perform operations in Centix, and customers who have their data in your system. To avoid privacy issues, it is essential to manage data access properly.

Provide each user with their own login details

Ensure that everyone, including customers, has individual login credentials. Sharing accounts poses risks, such as a lack of oversight on who has access, where, and when. This can result in unrestricted access for anyone to any customer or location, compromising the privacy and integrity of data. Centix employs a licensing structure that renders account sharing unnecessary. Rather than charging per account, Centix licenses on the number of different users logged in at the same time. Consequently, you can create an unlimited number of user accounts.

Create clear guidelines regarding user rights

It is crucial to ensure that users only have access to functions and data relevant to their tasks. In Centix, you can establish data restrictions, allowing access to be limited based on roles, individuals, business units, or teams. While Centix provides default system roles with associated restrictions, you also have the flexibility to modify these restrictions or create custom system roles with specific limitations. For instance, the default roles in Centix may have the ability to delete enabled, but administrators can adjust this setting. Centix empowers the management team to fine-tune access rights according to the organisation’s specific needs and privacy requirements.

Never share passwords

When providing a user account, prioritizing security is crucial. Instead of sharing a password, Centix offers the option of sending an account activation link. Alternatively, you can set a temporarily generated password. In such cases, provide only the username and guide the user to the reset password functionality rather than sharing the password directly.

In Centix, you can enforce the creation of secure passwords for user accounts. The administrator can configure these settings via the Admin panel (‘system tasks’ > ‘user system settings’), where mandatory password components, such as uppercase letters and/or numbers, can be enabled or disabled. Additionally, the administrator can set the minimum number of characters required for the password. Beyond ensuring a secure password, administrators can choose to automatically block an account after a certain number of login attempts, thereby preventing unauthorised access.

If possible, use centrally maintained accounts (via SSO)

We often observe that when a Centix user leaves, revoking their user rights is sometimes forgotten. To mitigate this, Centix recommends implementing Single Sign-On (SSO) internally. SSO is an authentication process that enables users to access multiple applications/systems within a network using a single set of login credentials. Aside from enhancing user convenience, SSO minimises the risk of password loss or misuse. It also provides a higher level of security by centralising the management of access rights. Centix includes SSO as a standard functionality. If your Centix environment is connected to SSO, simply process the exit in your SSO provider, and the Centix user right will be automatically revoked.

Delete rights and data in case of the end of employment/customer relationship

There are times when an employee leaves employment or the customer relationship is terminated. In such cases, individuals have the right to be ‘forgotten’. To accomplish this, follow these steps:


  1. Block users who should no longer have access.
  2. If necessary, anonymise data (partially) if deletion is not possible, for example, in the case of an inspector’s records.
  3. If it involves the departure of the Centix main contact person, it is important to report the departure to Centix and provide information about the new Centix contact person.

Perform regular access checks

It is recommended to conduct regular reviews of user session logs. These logs offer insights into login activity, enabling you to track who accessed the system and when. It is advisable to conduct these checks on a fixed schedule, for example monthly, to promptly identify any unauthorised users and take appropriate action.
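One way to run such a periodic review over an exported session log, as an added example that is not Centix code or documentation. The CSV columns, the user lists and the finding names are assumptions made for illustration; the check flags accounts nobody recognises, logins by accounts that should already have been blocked, and overlapping sessions of one account from different sources, which can indicate a shared login.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. Column names are assumptions, not Centix's format.
SESSION_LOG = """username,login,logout,source
alice,2024-01-03T08:00,2024-01-03T12:00,10.0.0.5
bob,2024-01-04T09:00,2024-01-04T10:00,10.0.0.7
inspector,2024-01-05T09:00,2024-01-05T11:00,10.0.0.8
inspector,2024-01-05T10:30,2024-01-05T12:00,192.0.2.44
carol,2024-01-20T14:00,2024-01-20T15:00,10.0.0.9
"""
KNOWN_USERS = {"alice", "inspector", "carol"}  # constructed list of issued accounts
BLOCK_FROM = {"carol": "2024-01-15"}           # constructed: date the account should be blocked from

def load_sessions(text):
    """Parse the export and return sessions ordered by login time."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["login"] = datetime.fromisoformat(r["login"])
        # An empty logout field is treated as a session that is still open.
        r["logout"] = datetime.fromisoformat(r["logout"]) if r["logout"] else datetime.max
        rows.append(r)
    return sorted(rows, key=lambda r: r["login"])

def review(sessions, known_users, block_from):
    """Return (finding, username) tuples; sessions must be ordered by login."""
    findings, open_by_user = [], {}
    for s in sessions:
        user = s["username"]
        if user not in known_users:
            findings.append(("unknown_account", user))
        cutoff = block_from.get(user)
        if cutoff and s["login"] >= datetime.fromisoformat(cutoff):
            findings.append(("login_after_departure", user))
        # Earlier sessions of the same account that had not ended at this login.
        still_open = [p for p in open_by_user.get(user, []) if p["logout"] > s["login"]]
        if any(p["source"] != s["source"] for p in still_open):
            findings.append(("possible_shared_account", user))
        open_by_user[user] = still_open + [s]
    return findings

if __name__ == "__main__":
    for kind, user in review(load_sessions(SESSION_LOG), KNOWN_USERS, BLOCK_FROM):
        print(f"{kind}: {user}")
```

A `possible_shared_account` finding is a prompt to ask the user, since one person working on two devices produces the same pattern.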
