System Security - CDX Web
System Security
CDX meets your security needs by providing a secure infrastructure to protect operations and data as well as additional security and privacy services
The CDX security model covers multiple layers of security aspects - from physical and network environment protection, hardware and operating system, database and application security as well as all access and authorization processes.
- The CDX application and database servers are distributed redundantly over 3 different data centres in the vicinity of Frankfurt, Germany. All data centres are equipped with redundant components like electrical power supplies, battery backup, cooling equipment and they are interconnected by high performance and redundant wide area networks. The data centres are managed by qualified and certified personnel.
- Redundant networks are protected by load balancers from external access and fully encapsulated from other systems by firewalls. The complete data exchange is based on encrypted protocols.
- All CDX application and database servers run on the Linux operating system. Virtual machine and operating system maintenance is performed by qualified staff following predefined procedures and schedules.
- The CDX database is designed to be fully redundant in 2 different physical datacenters. In case of a failure of the primary database, secondary replicated database servers take over to provide failover and disaster recovery capabilities. Continuous database backups provide the possibility to restore the data to any point of time.
- The CDX application enforces the use of encrypted HTTPS connections when working with the web system as well as for all external systems accessing CDX.
- CDX implements multi factor authentication (MFA) by requiring users to authenticate by the use of system-generated user IDs and passwords plus an external factor. User accounts are automatically de-activated after 3 wrong password/MFA attempts or when not being used for a predefined timeframe.
- Password validity time: after 9 months
- User deactivation time: after 12 months of inactivity
DXC Certifications
CDX supports the up- and download of attachments. Every attachment is checked for viruses and malware immediately when uploaded to CDX. Additionally all attachments are scanned on a daily basis with the latest virus signatures to detect infections that were unknown when uploaded. Infected files are moved to an encapsulated area (quarantine) and cannot be accessed anymore.
DXC Technology has confirmed to be fully committed to maintaining the following certifications:
- ISO 9001 Quality Management
- ISO/IEC 27001 Information Security Management
- SOC2 (Data processing facilities, SOC 3 report)
- TiSAX (Trusted Information Security Assessment Exchange)
In case you have further questions related to the CDX System Security, Data Protection, or Certifications please contact us at cdx-info@dxc.com.