-
How is the software policy regulated?
-
What information security policy applies?
-
Do periodic scans take place? If so, how often?
-
Is the data at-rest (on the server) encrypted?
-
Does the backup include draft datasets?
-
Is there a separation of development, test and production servers, and if so, how is this designed?
-
Are the systems spread across multiple locations? How is this arranged?
-
Is replacement hardware available in case of a serious emergency? How is this arranged?
-
Are DANS and its subprocessors ISO27001 certified?
-
How does DANS monitor / test the security measures of the services used by subprocessors?