-
What is the general description of the system?
-
Can an institution claim a backup in case of user errors, e.g., if a user accidentally deletes a draft dataset?
-
Are DANS applications and services protected against malware/ DDoS and are irregular usage patterns detected?
-
Is there a strong password policy for user accounts?
-
How often are accounts and associated access rights monitored? What policies apply to them?
-
Are personalized management accounts used or is a generic account (such as "root" or "admin") used?
-
Are hard drives and other storage media destroyed after decommissioning, and if so, how?
-
What policies are in place regarding network traffic monitoring, intrusion detection and any other detection measures?
-
How is security handled on the workstations/laptops of DANS employees?
-
Are audits being done?