Q: What measures are in place in case of system failure, data loss, or cyberattack?

• Related Articles

• Q: Does the system comply with regulations such as GDPR or other applicable standards in Spain and the EU?

  A: Yes. Azure services are GDPR-compliant, and all customer data is hosted within the EU. Data protection impact assessments (DPIAs) are conducted where required. The system also follows ISO 27001, SOC 1/2/3, and other Azure compliance frameworks.

• Q: We understand the system is hosted on Microsoft Azure and Amazon S3, with encrypted SSL communication and daily redundant backups. Could you confirm if this setup is still current and whether any changes are planned?

  A: The system is now primarily hosted on Microsoft Azure. Azure Storage is used as the main backup and file repository. SSL/TLS (minimum TLS 1.2) is enforced for all communications. Daily redundant backups remain in place, and no major infrastructure ...

• Q: What controls are in place to prevent unauthorised access?

  A: Controls include conditional access (IP whitelisting, device compliance policies), Just-In-Time (JIT) access for virtual machines, continuous threat detection with Microsoft Defender for Cloud, and regular access reviews.

• Q: Is there any technical documentation available regarding compliance?

  A: Yes. Microsoft provides compliance documentation and audit reports through the Azure Trust Center and Service Trust Portal. System-specific compliance documentation (GDPR measures, security configuration, and policies) can be shared under NDA.

• Q: What level of security is applied for accessing the system from outside the internal network?

  A: Remote access is protected by Azure Active Directory (AAD) using modern authentication protocols (OAuth 2.0 / OpenID Connect). Access requires secure login with username and password, and is further protected by multi-factor authentication (MFA) ...