Last edited one week ago
by Monique Gähl

Setup:Release History and Info:Trust and Safety/Privacy and information security: Difference between pages

(Difference between pages)
mNo edit summary
 
No edit summary
Tag: 2017 source edit
 
Line 1: Line 1:
{{Featurepage|featured=true|featuredesc=Latest release: 4.3.1|featurestart=07/20/2023}}
Here you will find the most important information on the topics of data protection and information security relating to the BlueSpice software.
{{Messagebox|boxtype=note|Note text=Support für BlueSpice 3.x ended on March 15, 2023.}}   


BlueSpice  versioning follows the ''Semantic Versioning Specification'' from [https://semver.org/lang/de/ semver.org].     
== Declarations, contracts and directories ==
Hallo Welt! ensures compliance with the relevant '''data protection laws'''. For a company in Germany, these are the '''EU General Data Protection Regulation''' (EU-GDPR) as well as supplementary regulations in the '''Federal Data Protection Act''' (BDSG) as well as other data protection regulations when handling personal data (including the fundamental right to informational self-determination). These regulations require the provision of these documents:


{| class="wikitable" style="width:100%;"
* '''[https://bluespice.com/privacy/ Data protection declaration]''' for the use of our websites and online services
|+
* '''[https://bluespice.com/legal/ Data processing agreement]''' for our clients with the '''declaration on technical-organisational measures''' (TOM) and the '''list of sub-processors'''.
!Major Release
!Version
!Published
!Details
!Type
|-
! rowspan="16" |'''BlueSpice 4'''
|4.3.1
|July 20, 2023
|[[Setup:Release Notes#4.3.1|Release notes]]
|Patch release
|-
|4.3
|June 29, 2023
|[[BlueSpice 4.3|Description]],<br />[[Setup:Release Notes#4.3|Release notes]]
|Minor release
[[Setup:Release Notes/Content changes|Triggers content changes]]
|-
|4.2.7
|May 22, 2023
|[[Setup:Release Notes#4.2.7|Release notes]]
|Patch release
|-
| style="background-color:;" class="" |4.2.6
| style="background-color:;" class="" |March 16, 2013
| style="background-color:;" class="" |[[Setup:Release Notes#4.2.6|Release notes]]
| style="background-color:;" class="" |Patch release
|-
|4.2.5
|February 21, 2023
|[[Setup:Release Notes#4.2.5|Release notes]]
|Patch release
|-
|4.2.4
|December 15, 2022
|[[Setup:Release Notes#4.2.4|Release notes]]
|Patch release
|-
|4.2.3
|November 17, 2022
|[[Setup:Release Notes#4.2.3|Release notes]]
|Patch release
|-
|4.2.2
|October 27, 2022
|[[Setup:Release Notes#4.2.2|Release notes]]
|Patch release
|-
|4.2.1
|September 15, 2022
|[[Setup:Release Notes#4.2.1|Release notes]]
|Patch release
Security patch!
|-
|4.2
|July 28, 2022
|[[BlueSpice 4.2|Description]],
[[Setup:Release Notes#4.2|Release notes]]
|Minor release
[[Setup:Release Notes/Content changes|Triggers content changes]]
|-
|4.1.4
|June 15, 2022
|[[Setup:Release Notes#4.1.3|Release notes]]
|Patch release


Security patch!
You can find out how Hallo Welt! deals with other guidelines, certifications and standards on the [[Info:Trust and Safety/Certification and compliance|Certification and Compliance]] page.
|-
 
|4.1.3
== Technical features of the BlueSpice software ==
|April 26, 2022
In addition, BlueSpice offers a number of features that ensure data protection and information security:
|[[Setup:Release Notes#4.1.3|Release notes]]
 
|Patch release
'''Authentication'''
Security patch!
 
|-
BlueSpice supports various authentication mechanisms to meet your security requirements. In addition to the connection of user directories via LDAP, single sign-on via Kerberos or SAML can also be implemented. The use of two-factor authentication is also possible. Learn more about user authentication under: [[Info:Trust and Safety/Software - security and reliability|Software - Security & Reliability]].
|4.1.2
 
|March 17, 2022
'''Rights management'''
|[[Setup:Release Notes#4.1.2|Release notes]]
 
|Patch release
BlueSpice allows the differentiation of users, groups, roles and rights. A basic distinction is made between anonymous wiki visitors without an account and logged-in wiki users with an account. Typical roles of wiki users are:
|-
 
|4.1.1
* '''Readers''' may read and comment on content.
|February 10, 2022
* '''Editors''' may additionally edit content.
|[[Setup:Release Notes#4.1.1|Release notes]]
* '''Reviewers''' may additionally release content.
|Patch release
* '''Administrators''' may additionally make settings in the wiki.
|-
 
|4.1.0
Groups, roles and rights can be configured in principle. The handling is described in our admin manual.
|January 19, 2022
 
|[[BlueSpice 4.1|Description]],
'''Privacy Center'''
[[Setup:Release Notes#4.1.0|Release notes]]
 
|Combined major/minor release
In general, a wiki software like BlueSpice logs all user actions, including read accesses, write accesses and administrative actions. In order to meet the requirements of the EU DSGVO, BlueSpice now has the Privacy Center function. This gives wiki users these options:
|-
 
|4.1.0-RC2
* anonymisation, e.g. by making the name unrecognisable,
|(Release candidate: December 15, 2021)
* request all stored data,
|[[BlueSpice 4.1|Description]]
* information about the data recorded in the system and the possibility of exporting it,
|Combined major/minor release
* (dis)agreement with the privacy policy and the cookie policy,
|-
* deletion of the user account.
!'''BlueSpice 1-3'''
 
| colspan="4" |[[Setup:Release History/BlueSpice 1-3|Release history]]
A more detailed description of the functions can be found in the [[Manual:Extension/BlueSpicePrivacy|BlueSpice Helpdesk]].
|}
 
[[Category:Setup]]
'''Stand-alone capability'''
 
BlueSpice can be operated without access to external sources. Thus, no information flows to external service providers. BlueSpice can therefore also be used in intranets that are closed to the outside world. Internet access is recommended for the operation of BlueSpice, but not absolutely necessary.{{Textbox|boxtype=important|header=|text=Please note that the Free Edition has a reduced range of functions.|icon=yes}}
 
== Technical access to client systems ==
'''Systems hosted in the cloud'''
 
In our cloud infrastructure, only users with the rights assigned by the client have access to the data in the wiki. Access to the server by the client or third parties is not possible. The access restrictions for Hallo Welt! or their service providers are explained here: [[Info:Trust and Safety/Cloud - security and reliability|Cloud - Security and Reliability]].
 
'''On-premises systems hosted by the customer'''
 
With on-premises systems, the data is stored in the infrastructure of the customer, who is therefore also responsible for all data protection and information security issues. When working on on-premises systems, we largely follow the requirements of our customers and use their infrastructure. Hallo Welt! itself uses SSH access, VPN and Teamviewer as technologies. In addition, access is possible via interfaces provided to us by the customer.
*Common remote access tools that can be used by us:
**VPN+SSH/VPN+RDP
**Teamviewer
**Microsoft Teams
**Webex
**Fastviewer
*Common VPN clients are:
**OpenVPN
**SecurePulse
**FortiNet
*Data transmission: For the transfer of larger amounts of data, for example for migrations or backups, Hallo Welt! GmbH provides a [https://nextcloud.com/ Nextcloud] instance.
'''Employees and subcontractors'''
 
The employees of Hallo Welt! GmbH provide their services in Germany and Poland. In addition, we work with external service providers in Ukraine, India and New Zealand, who are, however, only involved in product development (not in customer systems or in the processing of data). There may be exceptions to this after consultation with the customer.
 
== External links ==
For more information on data protection and information security, please visit the product website:
 
* [https://bluespice.com/products/frequently-asked-questions/cloud/ Frequently Asked Questions: Cloud]
* [https://bluespice.com/products/frequently-asked-questions/technical-questions/ Frequently asked questions: Technology]
* [https://bluespice.com/products/frequently-asked-questions/privacy/ Frequently asked questions: Data protection]
 
[[de:Info:Trust_and_Safety/Datenschutz_und_Informationssicherheit]]

Latest revision as of 14:52, 10 August 2023

Here you will find the most important information on the topics of data protection and information security relating to the BlueSpice software.

Declarations, contracts and directories

Hallo Welt! ensures compliance with the relevant data protection laws. For a company in Germany, these are the EU General Data Protection Regulation (EU-GDPR) as well as supplementary regulations in the Federal Data Protection Act (BDSG) as well as other data protection regulations when handling personal data (including the fundamental right to informational self-determination). These regulations require the provision of these documents:

You can find out how Hallo Welt! deals with other guidelines, certifications and standards on the Certification and Compliance page.

Technical features of the BlueSpice software

In addition, BlueSpice offers a number of features that ensure data protection and information security:

Authentication

BlueSpice supports various authentication mechanisms to meet your security requirements. In addition to the connection of user directories via LDAP, single sign-on via Kerberos or SAML can also be implemented. The use of two-factor authentication is also possible. Learn more about user authentication under: Software - Security & Reliability.

Rights management

BlueSpice allows the differentiation of users, groups, roles and rights. A basic distinction is made between anonymous wiki visitors without an account and logged-in wiki users with an account. Typical roles of wiki users are:

  • Readers may read and comment on content.
  • Editors may additionally edit content.
  • Reviewers may additionally release content.
  • Administrators may additionally make settings in the wiki.

Groups, roles and rights can be configured in principle. The handling is described in our admin manual.

Privacy Center

In general, a wiki software like BlueSpice logs all user actions, including read accesses, write accesses and administrative actions. In order to meet the requirements of the EU DSGVO, BlueSpice now has the Privacy Center function. This gives wiki users these options:

  • anonymisation, e.g. by making the name unrecognisable,
  • request all stored data,
  • information about the data recorded in the system and the possibility of exporting it,
  • (dis)agreement with the privacy policy and the cookie policy,
  • deletion of the user account.

A more detailed description of the functions can be found in the BlueSpice Helpdesk.

Stand-alone capability

BlueSpice can be operated without access to external sources. Thus, no information flows to external service providers. BlueSpice can therefore also be used in intranets that are closed to the outside world. Internet access is recommended for the operation of BlueSpice, but not absolutely necessary.

Please note that the Free Edition has a reduced range of functions.


Technical access to client systems

Systems hosted in the cloud

In our cloud infrastructure, only users with the rights assigned by the client have access to the data in the wiki. Access to the server by the client or third parties is not possible. The access restrictions for Hallo Welt! or their service providers are explained here: Cloud - Security and Reliability.

On-premises systems hosted by the customer

With on-premises systems, the data is stored in the infrastructure of the customer, who is therefore also responsible for all data protection and information security issues. When working on on-premises systems, we largely follow the requirements of our customers and use their infrastructure. Hallo Welt! itself uses SSH access, VPN and Teamviewer as technologies. In addition, access is possible via interfaces provided to us by the customer.

  • Common remote access tools that can be used by us:
    • VPN+SSH/VPN+RDP
    • Teamviewer
    • Microsoft Teams
    • Webex
    • Fastviewer
  • Common VPN clients are:
    • OpenVPN
    • SecurePulse
    • FortiNet
  • Data transmission: For the transfer of larger amounts of data, for example for migrations or backups, Hallo Welt! GmbH provides a Nextcloud instance.

Employees and subcontractors

The employees of Hallo Welt! GmbH provide their services in Germany and Poland. In addition, we work with external service providers in Ukraine, India and New Zealand, who are, however, only involved in product development (not in customer systems or in the processing of data). There may be exceptions to this after consultation with the customer.

External links

For more information on data protection and information security, please visit the product website:



To submit feedback about this documentation, visit our community forum.

No categories assignedEdit

Discussions