Privacy and security

Privacy and security are critical to online journalism, and WDR always supports this.

System development with virtual data rooms.

Safety in all phases: from product development to daily shutdown of the equipment. VDR has taken all necessary measures to comply with the data protection regulations and the GDPR. Security measures at a very high level – the data is stored in safety and accessible only to registered users with access rights.

VDR has in its development a list of safe development recommendations that is the standard for performing application-level security checks. Virtual Dataroom regularly reviews the security of production systems and applications.
Each user has a unique username and password that must be entered at each user login. The password is not stored in clear text in the database, but only in encrypted form with secure and generally accepted algorithms to ensure the highest level of protection. In addition, every time the user logs into the system, an automatically generated one-time code is sent to the mobile user (SMS 2-factor solution).

Document security for online journalism.

All documents are stored in an encrypted data storage solution and access is only possible through Admincontrol applications. All PDF documents are read by a reader that leaves no traces of the document on the client device. The PDF reader cache is cleared when the document is closed. All other file types are processed as normal files and attachments and can be downloaded in readable form.
Admincontrol can guarantee that the document does not leave a digital footprint on the client device. The client administrator can control the printing rights for each document and specify that the document can be downloaded in the usual way or can only be read in a protected PDF reader.

Admincontrol periodically orders comprehensive security analysis and penetration testing by an external independent information security company. The analysis covers both applications and the infrastructure associated with the portal. The goal is to identify potential vulnerabilities and vulnerabilities that could be exploited by a potential hacker attack, and to eliminate potential vulnerabilities as quickly and efficiently as possible.