Data Security
As a provider in the field of IT security, we regard the protection of data as a core task. The following technical and organizational measures (TOMs) pursuant to Art. 32 GDPR describe how we ensure a level of protection appropriate to the risk for the data entrusted to us. We review these measures regularly and adapt them to the state of the art.
Confidentiality
• Physical access control — processing in our providers' certified data centers (including ISO 27001) with controlled physical access.
• System access control — individual user accounts, multi-factor authentication (MFA) throughout and an up-to-date password policy.
• Data access control — role-based permissions following the principle of least privilege; access is logged.
• Separation control — logical separation of data from different clients as well as separate test and production environments.
Integrity
• Encryption — transport encryption (TLS) for all connections and encryption of data at rest where offered.
• Input & transfer control — traceability of changes via version control and logging; secured transmission channels.
Availability & resilience
• Backups — regular, tested backups with defined recovery objectives.
• Protective measures — DDoS protection, a web application firewall and monitoring of the systems we operate.
• Recoverability — documented processes for rapid recovery after an incident.
Procedures for regular review
• Updates — prompt installation of security-relevant updates and patches.
• Testing — internal security reviews and regular evaluation of the measures.
• Privacy management — documented processes, trained staff and a procedure for handling security incidents.
• Responsible disclosure — a clear reporting channel for externally discovered vulnerabilities (see Responsible Disclosure).
Commissioned processing control
The service providers we use process data exclusively on our instructions on the basis of data processing agreements. You can find details under Data Processing and Subprocessors.
Security questions?
For security-related inquiries or to request project-specific TOM documentation, you can reach us at info@reepasolutions.de. Our Trust Center provides a complete overview.
Last updated: June 2026