POOL4TOOL High Secure
Alongside security tests by recognized institutions (TÜV Rheinland, ISO) and regular internal audits, we are continually working to increase system security at POOL4TOOL further and have developed your own security framework to protect your data. No other SRM provider on the markets meets our high, voluntary security standards.
POOL4TOOL High Secure is a special, highly secure system environment. Using a special system configuration on the buyer and supplier side, all communications and data transmissions occur in a high security environment.The more important elements of POOL4TOOL High Secure are:
- High Secure system access
Access to the system is only possible with a token (Yubikey or mobile TAN). It can additionally be limited to a particular IP address. Upon request, we can distribute tokens to suppliers. Internal access is only possible from the internal network or with a VPN.
The log-in behavior of each user is assessed according to security parameters. Abnormal behavior is recognized and automatically escalated by the system.
- Encrypted file storage
All documents and binary data are only stored encrypted on the file server.
- Password check
All passwords used are checked against all established cracking libraries.
The data security of the module is also checked by an external contractor.
Security audit tool
In most cases, the greatest risk comes from the weakest link. POOL4TOOL High Secure provides our well-tested security audit tool for uncovering potential security vulnerabilities and closing them permanently. This enables automatic system enquiries and provides information about potential weaknesses:
- Which user has never logged in?
- Which user is still using the initial password?
- How many times has a user attempted to log-in incorrectly?
- Which user has an expired password?
- Which users are inactive? (optional automatic lock)
- High data and system security standards
- No additional costs for IT monitoring and security audits
- Automatic tracking of user behavior
- Automatic escalation workflows in the event of unusual events