To ensure the security of all systems used to operate LibScie Services, we continuously improve the security measures in place to that end. You can find some of our latest security measures below.
Service Access Control
Product Access
Authentication. All Clients must have a password of at least 10 symbols length. Clients who interact with LibScie’s Services must authenticate before they can access non-public customer data.
Authorization. Services data is stored in multi-tenant storage systems accessible to Clients only via the Service interface. Clients are never granted direct access to the underlying application infrastructure. The authorization model in each of our Services is designed to ensure that only the properly assigned entities can access relevant features.
Separation of environments. We separate development, testing, and operational environments to minimize the risks of unauthorized access or changes to the operational environment.
Employee access. We minimize the number of trained employees that have (administrative) access to the products and to user data via controlled interfaces. Where possible, we enforce and use two factor authentication. Access is granted by role (on a "need to know" basis), which is minimized to as few people as is necessary to provide the services reliably. Liberate Science GmbH employees do not have physical access to Client's databases.
Infrastructure Access
Our service providers have various SOC and ISO 27001 certifications. They provide multiple physical and digital security layers (e.g., alarms, security personnel, visitor logs, hazard protection, RAID backups).
We maintain relations with the service providers as outlined in our Data Processing Agreement and minimize the amount of providers we conduct operations with. All service providers are vetted for privacy and security compliance before we engage with them.
Network security. To prevent unauthorized access of the infrastructure, we have technical measures in place using (for example) strong passwords and firewall procedures. The Services are only accessible over HTTPS.
Employee access. We limit the number of employees that have infrastructure access. All employees must use strong and unique passwords for all points of entry. Infrastructure access requires 2FA using physical security keys or other authentication methods. Access is granted by role (on a "need to know" basis), which is minimized to as few people as is necessary to provide the services reliably. All employee devices are encrypted and used with privacy protecting measures.
Data retention
Upgrades. Passwords are encrypted according to industry standards, and get rehashed from time-to-time to improve their security. This happens programmatically and without providing access to the Client’s password.
Deletion. We minimize the amount of information we store. As a rule, we delete information that is not deemed critical in our provisioning of the platform. Support emails may be stored up to 60 days for internal educational purposes. We allow users to delete their accounts at any time.
Physical information. where legally possible and not in violation of legal obligations, is destroyed according to the DIN P5 standard.
Fault tolerance. Backup and replication strategies are designed to ensure redundancy and fail-over protections during a significant processing failure. Client data is backed up to multiple durable data stores and replicated across multiple availability zones. Rollbacks are tested regularly.
Redundancy. All data is stored in a redundant manner, to prevent loss of data when one server instance fails. We use multiple availability zones to allow for continued availability of the services, and create automated backups.