Last update 06/05/2024
Net Service SpA, in full transparency towards the Client regarding its Cloud services, the protection of personal data processed, the protection techniques adopted, and the security measures implemented in cloud environments, declares the following:
- All accounts related to our cloud services can be requested from our Service Desk, whose contacts are stated in the individual contracts signed with the Client.
- Encryption is exclusively used in communication protocols with TLS 1.2. Backups are carried out with techniques that make the backup immutable and encrypted by default with AES-XTS 128-based encryption. Net Service is also available to provide all the support necessary to allow the Client to implement their own encryption techniques, provided compatibility and security with existing service technology are ensured.
- The management of security incidents for the use of SaaS and cloud environment services allocates responsibilities as follows: the cloud service user opens a ticket with our Service Desk (see above), which handles the incident, proceeds with the resolution, and notifies the Client of the outcomes.
- Net Service is subject to third-party independent audits on the compliance of cloud service provision with applicable regulations and the requirements of the ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018 standards to which it is certified. These certifications are published on its official website https://www.netservice.eu/azienda.
- The data centers used in cloud services are located in Siziano (PV) and are certified ISO/IEC 27017 and ISO/IEC 27018, with their relevance periodically verified.
- All personal data related to cloud services will be made available for an additional 30 days from the date of service or contract termination. After this period, they will be deleted from the primary servers and all backup copies, including those created for business continuity purposes.
- Concerning the provided services, Net Service is responsible for the physical and logical security of the infrastructure, while the Client is responsible for the correct use of the credentials assigned for service use and for reporting any security events that may impact the service.
- Client data managed in cloud services are subject to daily incremental backup policies with a 15-day retention unless otherwise specified in the individual contracts. Biannual restore tests are conducted on data in environments with the same protection levels as production to verify the accuracy of the backup process. Upon data extraction, the data are deleted.
- In case of technical vulnerabilities impacting the cloud services provided, Net Service commits to timely patching of systems and applications, notifying the Client by email with at least five days' notice in urgent cases.
- The security measures adopted by Net Service in the provision of SaaS services include:
  - Use of market-leading Cloud Service Providers of at least TIER 4, holding ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 certifications;
  - Supervision of services by the IT Manager;
  - Logical protections of cloud environments with system isolation;
  - Secure deletion of virtual environments and non-reuse of resources allocated on individual instances.
- When using other cloud service providers, Net Service undertakes to incorporate any additional requirements requested by the Client within the service contract into the service agreements, should they be stricter than those currently in place.