ISAE 3000

Intempus ISAE 3000 TYPE 2 declaration

The General Data Protection Regulation (GDPR), or in Danish “Databeskyttelsesforordningen”, is the name of the EU’s personal data legislation. GDPR aims to protect EU citizens from misuse of their personal data. Therefore, since May 25, 2018, all European companies must have tightened their processes for how personal data is collected and processed securely. Intempus has the following certifications:

  • ISAE 3000 declaration
  • ISAE 3000 TYPE 2 declaration

Intempus ApS statement

Intempus ApS handles the processing of personal data in connection with the Intempus time registration platform for our customers who are data controllers in accordance with the Regulation of the European Parliament and the Council on the protection of persons in connection with the processing of personal data and on the free exchange of such information (data protection regulation) and law on supplementary provisions to the data protection regulation (data protection act). The accompanying description has been prepared for the use of the data controllers who have used Intempus’ time registration platform and who have a sufficient understanding to assess the description together with other information, including the technical and organizational security measures and other checks that the data controllers themselves have carried out, when assessing whether the requirements of the Data Protection Regulation and the Data Protection Act have been complied with.

Intempus ApS uses sub-data processors. The relevant control measures and associated technical and organizational security measures and other controls of these sub-processors are not included in the accompanying description. Intempus ApS confirms that the accompanying description in section 3 provides a fair description of the Intempus time registration platform and the associated technical and organizational security measures and other controls as of 15 November 2021.

Questions & answers

FAQ on data processing & privacy

How does Intempus back up customer data?

Intempus performs backup of data using two independent backup systems. Each backup system sends backups to two different storage locations for a total of four separate backup locations.

A daily full backup is created using the pg_dump tool. These backups are stored on two different servers for six months. Once per week we restore one of these backups to a test system to ensure we always have good backups.

Continuous backups are created using the barman tool. This ensures new data is backed up within a few minutes of being created. These backups are stored on two different servers for 2-3 weeks. Barman monitors that the required backups are present and alerts us if backups are not being performed.

How does Intempus protect user passwords?

Passwords are stored in our database using an iterated salted hash algorithm. This means that even Intempus system administrators cannot read your password from the database. The algorithm being used is known as PBKDF2-SHA256.

Intempus performs a calculation of the complexity of passwords entered by users. This is known as an entropy estimate. The calculation makes use of a third-party database of passwords previously leaked from other systems. That database is named Have I Been Pwned (HIBP). Intempus uses the offline version of the database in order to protect against potential leaks through the HIBP API.

Each Intempus customer can choose a minimum password strength for their users. Intempus will enforce this policy when a user updates their password. The calculated entropy will not be stored by Intempus after the validation has been performed.
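The two mechanisms described above, salted PBKDF2-SHA256 storage and a breach lookup that runs entirely offline, are sketched in the following added example, which is not Intempus' code. The iteration count, the stored record layout, and the sorted `SHA1:count` corpus layout are assumptions, and the sample corpus with its counts is constructed.

```python
import bisect
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: the page does not state an iteration count

def hash_password(password, salt=b"", iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' (hypothetical layout)."""
    salt = salt or os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute the hash with the stored salt and iteration count."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:  # malformed record: reject instead of crashing
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return scheme == "pbkdf2_sha256" and hmac.compare_digest(dk, expected)

def sha1_hex(password):
    # SHA-1 is only the lookup key of the leaked-password corpus, not the storage hash.
    return hashlib.sha1(password.encode()).hexdigest().upper()

# Constructed stand-in for the offline corpus: sorted "SHA1:count" lines.
SAMPLE_CORPUS = sorted(f"{sha1_hex(p)}:{n}" for p, n in
                       [("password", 9000), ("123456", 42000), ("qwerty", 7000)])

def breach_count(password, corpus=SAMPLE_CORPUS):
    """Binary-search the sorted corpus locally; no password data leaves the host."""
    digest = sha1_hex(password)
    i = bisect.bisect_left(corpus, digest)
    if i < len(corpus) and corpus[i].startswith(digest + ":"):
        return int(corpus[i].split(":", 1)[1])
    return 0

if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(breach_count("123456"), breach_count("correct horse battery staple"))
```

A full-size corpus would be searched by seeking within the file on disk rather than loading it into a list; the lookup logic is the same.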

To protect against brute force attacks and credential stuffing, Intempus will enforce a global rate limit on invalid login attempts. When the limit is exceeded, the client IP address is temporarily blocked by Intempus. If necessary, a range of multiple IP addresses will be blocked. The decision to block based on IP addresses was made because this is more accurate than blocking based on usernames.

Does Intempus support single-sign-on?

Intempus has support for Microsoft SSO. A customer using SSO can choose to either require their users to use SSO or to give users a choice between SSO and password logins.

How does Intempus encrypt customer data?

Communication between Intempus and users is encrypted using transport layer security (TLS). Customer data exchanged between different parts of Intempus is encrypted using either TLS or SSH.

The storage server used by our database is encrypted by the hosting provider, transparently to Intempus.

Which certifications does Intempus have?

Intempus has an ISAE 3000 type 2 certification.