My Frontline
Frontline Mail Manager – Privacy and Security Q&A
Is the FMM data encrypted in transit and in rest?
The data in transit is always encrypted. When the AWS RDS is created, it can be configured to encrypt the data at rest. Alternatively, the FMM data at rest can be protected via IP whitelisting.
What is the backup frequency of the FMM data?
By default, backups are made of the FMM database:
- Daily (2:00 am) full backup
- Transaction log update every 5 minutes
- 7 days backup retention
- PITR to any second in time related to the available backups and the latest transction log upload (normally maximum of 5 minutes prior to the chosen recovery moment)
A backup of the customer specific configuration files is made upon change.
Which personal data is stored in FMM?
By default, mail addresses of end customers and the content of the mails that are processed by FMM are stored in the FMM database.
Where is the FMM data stored?
All FMM data is stored in either AWS location Frankfurt or AWS location Dublin.
Who can access the FMM installation?
The FMM installation with its data can be accessed by staff of Frontline Solutions and its subprocessor XQting. All FMM data is subject to confidentiality agreements between both Frontline Solutions and XQting and its staff. In addition, there are Data Processing Agreements in place between Frontline Solutions and the customer, and between Frontline Solutions and XQting. All technical staff who can access the FMM installation is in possession of an official Certificate of Good Conduct (Dutch:“Verklaring Omtrent Gedrag”).
Are FMM installations monitored?
Yes, all FMM installations are monitored in PRTG. When a threshold is exceeded, a ticket is automatically created in TOPdesk for further Incident Management.
What logging is available for FMM?
There are two sorts of logging available for a FMM environment, namely:
- Application logs
The applications themselves keep 10 days of application logging.
- Security logs
Amazon Cloud Trail is used to log security related events.
AWS CloudTrail service enabling governance, compliance, operational auditing, and risk auditing of AWS accounts. With CloudTrail, logging, continuously monitoring, and retaining account activity related to actions across AWS services is enabled. CloudTrail provides event history of the AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. CloudTrail logs two different types of AWS API actions:
- CloudTrail management events(also known as control plane operations) show management operations that are performed on resources in your AWS account. This includes actions such as creating an Amazon S3 bucket and setting up logging.
- CloudTrail data events(also known as data plane operations) show the resource operations performed on or within a resource in your AWS account. These operations are often high-volume activities. This includes actions such as Amazon S3 object-level API activity (for example, GetObject, DeleteObject, and PutObject API operations) and Lambda function invocation activity.
What additional measures are taken to protect FMM data?
The following additional organizational and technical measures are implemented:
- Use of secure passwords which are updated regularly
- User accounts that can be tracked to 1 individual
- Availability of audit logs
- Prevention of the use of unencrypted USB drives or other external harddrives.
- Locking of desktop and laptop
- Clean desk
- Not leaving leaving laptop unattended at any time
- Privacy screens for employees
- Safe destruction of old documents, data and hardware
- Frequent security training for all employees
- External certification: ISO27001, ISAE3000 Type II, SOC2 Type II, SOC3
