Q: What level of security is applied for accessing the system from outside the internal network?

• Related Articles

• Q: What measures are in place in case of system failure, data loss, or cyberattack?

  A: The system is hosted in Microsoft Azure, which provides built-in redundancy, availability zones, and distributed denial-of-service (DDoS) protection. We implement defense-in-depth measures including network firewalls, identity and access ...

• Q: Does the system comply with regulations such as GDPR or other applicable standards in Spain and the EU?

  A: Yes. Azure services are GDPR-compliant, and all customer data is hosted within the EU. Data protection impact assessments (DPIAs) are conducted where required. The system also follows ISO 27001, SOC 1/2/3, and other Azure compliance frameworks.

• Q: Is there any technical documentation available regarding compliance?

  A: Yes. Microsoft provides compliance documentation and audit reports through the Azure Trust Center and Service Trust Portal. System-specific compliance documentation (GDPR measures, security configuration, and policies) can be shared under NDA.

• Q: We understand the system is hosted on Microsoft Azure and Amazon S3, with encrypted SSL communication and daily redundant backups. Could you confirm if this setup is still current and whether any changes are planned?

  A: The system is now primarily hosted on Microsoft Azure. Azure Storage is used as the main backup and file repository. SSL/TLS (minimum TLS 1.2) is enforced for all communications. Daily redundant backups remain in place, and no major infrastructure ...

• Q: Are mechanisms such as multi-factor authentication (MFA), VPN, or certificates used?

  A: Yes. Remote access uses Azure Active Directory (AAD) with modern authentication protocols (OAuth 2.0 / OpenID Connect). All logins require username and password, and Multi-Factor Authentication (MFA) could be enforced. Certificates and conditional ...