System Security - CDX Web
System Security
CDX meets your security needs by providing a secure infrastructure to protect operations and data as well as additional security and privacy services. DCX's IMDS and CDX share the same security concepts and components. As a result, during meanwhile more than 20 years, the Global Automotive Industry gained and kept trust that their data are handled in a secure way using IMDS.
The CDX security model covers six layers of security aspects - from physical and network environment protection, hardware and operating system, database and application security as well as all access and authorization processes.
- The CDX application and database servers are distributed over two different DXC data centres in Germany. All DXC data centres are equipped with redundant components like electrical power supplies, battery backup, cooling equipment and they are interconnected by high performance and redundant wide area networks. The data centres are professionally managed by qualified and certified personnel.
- The redundant CDX networks are protected by load balancers from external access and fully encapsulated from other systems by firewalls. The complete data exchange is based on encrypted protocols.
- All CDX application and database servers run on the Unix operating system. Hardware and operating system maintenance is performed by qualified staff following predefined procedures.
- The CDX database is designed fully redundant. In case of a failure of the primary database, secondary replicated database servers take over in order to provide failover and disaster recovery capabilities. Continuous database backups provide the possibility to restore the data at any point of time.
- The CDX application enforces the use of encrypted HTTPS connections when working with the web system as well as for all external systems accessing CDX. All users have to authenticate by the use of system generated user IDs and passwords with a minimum length of 8 characters. Passwords have to be changed in predefined intervals and user accounts are automatically de-activated when not being used for a predefined timeframe.
- Password validity time: after 9 months
- User deactivation time: after 12 months of inactivity
DXC Certifications
CDX supports the up- and download of attachments. Every attachment is checked for viruses and malware immediately when uploaded to CDX. Additionally all attachments are scanned on a daily basis with the latest virus signatures to detect infections that were unknown when uploaded. Infected files are moved to an encapsulated area (quarantine) and cannot be accessed anymore.
DXC Technology has confirmed to be fully committed to maintaining the following certifications:
- ISO 9001 Quality Management
Boeblingen certification
Eschborn certification
Ratingen certification - ISO/IEC 27001 Information Security Management
Ruesselsheim certification
Frankfurt certification - ISO 50001 Energy Management
Frankfurt 1 and Frankfurt 3 certification - SOC1 (Virtual Private Cloud – Infrastructure Service Operations)
- SOC2 (Virtual Private Cloud – Infrastructure Service Operations)
- TiSAX (Trusted Information Security Assessment Exchange)
Sofia (BG),
Bangalore (IN),
Bratislava (SK),
Quezon City (PH),
Cyberjaya (ML),
Budapest (HU),
Lagunilla (CR),
Varna (BG)
In case you have further questions related to the CDX System Security, Data Protection, or Certifications please contact us at cdx-info@dxc.com.