System Security and Data Protection / DXC Certifications
CDX meets your security needs by providing a secure infrastructure to protect operations and data as well as additional security and privacy services. DCX's IMDS and CDX share the same security concepts and components. As a result, during meanwhile more than 15 years, the Global Automotive Industry gained and kept trust that their data are handled in a secure way using IMDS.
The CDX security model covers six layers of security aspects - from physical and network environment protection, hardware and operating system, database and application security as well as all access and authorization processes.
- The CDX application and database servers are distributed over two different DXC data centres in Germany. All DXC data centres are equipped with redundant components like electrical power supplies, battery backup, cooling equipment and they are interconnected by high performance and redundant wide area networks. The data centres are professionally managed by qualified and certified personnel.
- The redundant CDX networks are protected by load balancers from external access and fully encapsulated from other systems by firewalls. The complete data exchange is based on encrypted protocols.
- All CDX application and database servers run on the Unix operating system. Hardware and operating system maintenance is performed by qualified staff following predefined procedures.
- The CDX database is designed fully redundant. In case of a failure of the primary database, secondary replicated database servers take over in order to provide failover and disaster recovery capabilities. Continuous database backups provide the possibility to restore the data at any point of time.
- The CDX application enforces the use of encrypted HTTPS connections when working with the web system as well as for all external systems accessing CDX. All users have to authenticate by the use of system generated user IDs and passwords with a minimum length of 8 characters. Passwords have to be changed in predefined intervals and user accounts are automatically de-activated when not being used for a predefined timeframe.
- Password validity time: after 9 months
- User deactivation time: after 12 months of inactivity
CDX supports the up- and download of attachments. Every attachment is checked for viruses and malware immediately when uploaded to CDX. Additionally all attachments are scanned on a daily basis with the latest virus signatures to detect infections that were unknown when uploaded. Infected files are moved to an encapsulated area (quarantine) and cannot be accessed anymore.
DXC Technology has confirmed to be fully committed to maintaining the following certifications:
- ISO 9001:2008
- ISO/IEC 20000-1:2011
- ISO/IEC 27001:2013
- ISO 20301:2012
- ISO 14001:2015
- CSA STAR
- ISO 13485
All Certificates are administered by BSI (The British Standards Institution).
In case you have further questions related to the CDX System Security, Data Protection, or Certifications please contact us at firstname.lastname@example.org.