TCM succeeds intrusion tests and is GDPR compliant

The General Data Protection Regulation (GDPR) is applicable since 25 May 2018. The purpose of this regulation is to protect the privacy of European citizens. One of the important aspects is on the technical side where records must be securely handled and stored so only people that need access to such data can get at it. TCM uses securedsystemsandmethodsfor managing debt collection claims.‘Cloud Computing’TCM shifted form own in-house servers to cloud computing in 2014. Data is now stored in anAWS (Amazon Web Services)data bank. One of the great advantages of this solution is its accessibility from any connected device, from anywhere in the world at any time. Another improvement is security as AWS provides much better security as compared to what we could manage with our in-house system.Intrusion testsNaturally, design is paramount and we needed to check that our solutions are hacker proof. We asked thecomputer firmEASIto undergo penetration testing. They have a dedicated team for such ‘ethical hacking’.  They attempt in different ways to pass through the closed doors. The ‘ethical hackers’ were provided with IP addresses and went to work between 7 and 11 July 2018. All our data banks (production, copy, replica) were tested.What tests?They performed:

• Vulnerability Scan
• Infrastructure intrusion tests & validation of found vulnerabilities
• Website/Web Application testing (SQL Injection, Fuzzing…)
• Report with recommendations
• Report presentation and debriefing

ResultsBased on the tests performed, EASI delivered a certificate on 21st August 2018. Our system passed the tests comfortably. It has not been possible for the ‘ethical hackers’ to get into our system and no personal data (or other data) could be accessed. Our system can be considered as secure and well protected against hackers. Hence we can confirm to our clients that any confidential data is treated as such and stored in a technically safe way. TCM uses tools and processes that are GDPR compliant and protects citizens’ data.   Pleasecontact usfor any question. We are here to assist you.

The General Data Protection Regulation (GDPR) is applicable since 25 May 2018. The purpose of this regulation is to protect the privacy of European citizens. One of the important aspects is on the technical side where records must be securely handled and stored so only people that need access to such data can get at it. TCM uses securedsystemsandmethodsfor managing debt collection claims.‘Cloud Computing’TCM shifted form own in-house servers to cloud computing in 2014. Data is now stored in anAWS (Amazon Web Services)data bank. One of the great advantages of this solution is its accessibility from any connected device, from anywhere in the world at any time. Another improvement is security as AWS provides much better security as compared to what we could manage with our in-house system.Intrusion testsNaturally, design is paramount and we needed to check that our solutions are hacker proof. We asked thecomputer firmEASIto undergo penetration testing. They have a dedicated team for such ‘ethical hacking’.  They attempt in different ways to pass through the closed doors. The ‘ethical hackers’ were provided with IP addresses and went to work between 7 and 11 July 2018. All our data banks (production, copy, replica) were tested.What tests?They performed:

• Vulnerability Scan
• Infrastructure intrusion tests & validation of found vulnerabilities
• Website/Web Application testing (SQL Injection, Fuzzing…)
• Report with recommendations
• Report presentation and debriefing

ResultsBased on the tests performed, EASI delivered a certificate on 21st August 2018. Our system passed the tests comfortably. It has not been possible for the ‘ethical hackers’ to get into our system and no personal data (or other data) could be accessed. Our system can be considered as secure and well protected against hackers. Hence we can confirm to our clients that any confidential data is treated as such and stored in a technically safe way. TCM uses tools and processes that are GDPR compliant and protects citizens’ data.   Pleasecontact usfor any question. We are here to assist you.