DICENTIS Safety & Security
Find out more about the safety and data security measures of the DICENTIS conference systems
Protecting DICENTIS systems
Modern DICENTIS systems are connected to the wider AV solution over IP. While this provides huge advantages in functionality, there is also an inherent risk that comes from the networked nature of these systems. Large amounts of information circulate over these networks, which can increase the risk of cybercriminals looking to access and steal sensitive data. To provide secure and reliable products, Keenfinity has established security and data protection as fundamental requirements during the entire life cycle of our products.
Addressing potential vulnerabilities
Whether it is commercially important or safety critical, the data carried over audio networks can be extremely sensitive. For this reason, every aspect of the audio system and network needs to be addressed for security.
Solutions built on trust
DICENTIS is developed in accordance with our Security Engineering Process (SEP). We conduct comprehensive security testing for products prior to release, and regular penetration tests are performed as well. Any findings from these tests are assessed using the Common Vulnerability Scoring System (CVSSv3) (https://www.first.org/cvss/), an industry-standard framework.
Identified vulnerabilities are addressed based on their CVSSv3 rating. In addition, we perform thorough threat and risk analyses on all our equipment during development and prior to release. Even after market release, our system components and software are continually updated and enhanced throughout their lifecycle. This ensures that our solutions remain secure and dependable, giving you confidence in the robust security foundation of our products.
DICENTIS Hybrid meetings successfully passed the Pentest.
The test focused on the API used to connect to DICENTIS Hybrid meetings.
Proven Commitment to Information Security
We are ISO/IEC 27001: 2022 certified, confirming that our Information Security Management System (ISMS) meets internationally recognized standards. This certification applies to the design, development, and maintenance of our DICENTIS software (system).
ISO/IEC 27001 provides organizations of all sizes and sectors with a framework for establishing, implementing, maintaining, and continuously improving information security. Our compliance demonstrates that we manage data-related risks effectively and follow globally accepted best practices, giving our customers confidence in the integrity and reliability of our solutions.
ISO/IEC 27701:2021 certified, with this addition to ISO/IEC 27001we meet the requirements of various privacy regulations including the GDPR and manage Personally Identifiable Information (PII). It provides guidance on establishing and managing a Privacy Information Management System to protect personal information and demonstrate compliance with privacy regulations.
Certification demonstrates that we manage personal data responsibly and transparently reinforcing our commitment to data protection and customer trust.
Product and data security measures
| Security with supplier | Security engineering process | Vulnerability and incident management |
|---|---|---|
| Security with supplier We have high-quality requirements for purchased products. To ensure the security of purchased products, modules, and components, we evaluate the product security of each supplier as an integral part of our purchasing process. | Security engineering process Whenever we develop a new product, we conduct a comprehensive threat and risk analysis and create an individual security concept for the product and its integration into a complete solution. We ensure product security with comprehensive security and penetration testing during the design phase and before release. Any updates, patches, or upgrades will undergo the same rigorous tests and only be deployed once they have proven secure. | Vulnerability and incident management Because environments are constantly evolving, 100% security can never be guaranteed. To address this, we have established a structured vulnerability and incident management process to professionally manage potential product security vulnerabilities and incidents. Additionally, as part of our ongoing commitment to providing the safest and most secure solutions, we continuously adapt and enhance our processes—not only to address new security-related requirements and increasing market awareness but because we believe in upholding the highest standards of security. |
How we maximize data security to meet the highest reliability standards:
Password policy configuration
Compliance with specific guidelines and standards
Minimum TLS 1.2
A minimum version of TLS 1.2 provides maximum security.
Encrypted firmware
Verifies firmware authenticity and prevents malware insertion.
Session timeout
Manage how long a configuration session can be left unattended
Secure by default
Maximum security preset as standard
Secure and encrypted ONMEO
Authentication for OCA control and encrypted AES67 audio
Certified ISMS
Security Management System for software design, development, and maintenance according to ISO/IEC 27001:2022
Certified PIMS
Privacy Information System for software design, development and maintenance according to ISE/IEC 27701:2021
Reporting Product Security Vulnerabilities
Keenfinity takes security very seriously, and investigates all vulnerability reports.
Whenever you think you have identified a vulnerability or any other security issue related to a Keenfinity product or service please contact the Product Security Incident Response Team (PSIRT):
Speak with an expert
Enter your data here to contact one of our experts regarding this solution. For other questions, please use this link to get immediate feedback.