Q: Does Barium Live follow any Information Security standards? 

A: Barium Live is certified in accordance with ISO-27001, which is one of the most recognized and internationally accepted independent security standards. The certification comprises development, delivery and support of Barium Live, including the handling of client information that is associated with the provision of the service.


Data Ownership


Q: Who owns the data and content that I create on or upload to Barium Live? 

A: You, of course! And if you decide not to use Barium Live anymore, you can easily download your information in a structured format.


Q: If a Client leaves Barium Live, do you erase all the data associated with the Client? 

A: All data will be erased if a Client leaves Barium Live. Clients can also delete data themselves through self-service functionality before leaving the service.


Data Access


Q: Who can access the data I store on Barium Live? 

A: 

  • You, as owner of the data, can access it and also control who else should have access to the data.
  • The system administrator of Barium Live can access your data in order to help and solve issues if needed or requested by you as owner of the data.
  • A limited number of support personnel in our data centers, accepted by Barium.


NOTE! Before any personnel get clearance to come into contact with Clients' data, they must comply with the Barium Information security policy and must be able to show a clean criminal record.


Audits and Security tests


Q: Who verifies that Barium complies with the ISO-27001 standard, and how often are controls performed?

A: DNV (Det Norske Veritas) is the auditor and audits are performed yearly.


Q: Does Barium perform external security and/or penetration tests? 

A: Yes. Tests are performed continuously by a third party.


Q: Does Barium allow audits upon a Client's request?

A: We are open about how we work with information security and welcome audits performed, on behalf of clients, by trusted review and audit firms.


Availability


Q: What is the availability of Barium Live?

A: Barium Live is available at least 99.7 percent of the time, which is more than many internal systems live up to. Over the past eighteen months our services have achieved an average availability of more than 99.9 percent.


Q: Is it possible for me to monitor performance of the service, such as response times, uptime, downtime, etc.?

A: You can follow the performance in real time by visiting this site.


Physical protection of data centers


Q: Where is the data I store on Barium Live physically located?

A: Barium stores your data in data centers located in multiple locations in Sweden.

 

Q: What physical protection do these data centers have?

A: Our data centers use all necessary protection against physical breach, in compliance with the ISO27001 standard, including: double alarm and authorization systems, reviewed access control, and water damage and power failure protection systems.

 

Q: Who audits the physical security at Barium's data centers?

A: DNV performs annual reviews to ensure that our data centers follow all the strict requirements included in the ISO27001 standard.


Encryption


Q: Is data encrypted in transit?

A: Yes, we use best practice 128-bit SSL encryption for all data in transit.


Q: Is data encrypted when stored/at rest?

A: We encrypt all back-ups, both database data and files. However, data in production is not currently encrypted.


Q: Can data be encrypted with a customer-managed key?

A: Not currently.