Product Security

Introduction on dbWatch Control Center regarding product security

dbWatch AS has implemented reasonable administrative, technical and physical
safeguards to help protect against security incidents and privacy breaches involving a
dbWatch product, provided those products are used in accordance with
dbWatch instructions for use. However, as systems and threats evolve, no
system can be protected against all vulnerabilities and we consider our customers the most
important partner in maintaining security and privacy safeguards. If you have any concerns,
we ask that you bring them to our attention and we will investigate. Where appropriate, we
will address the issue with product changes, technical bulletins and/or responsible
disclosures to customers and regulators. dbWatch continuously strives to
improve security and privacy throughout the product lifecycle using practices such as:

• Privacy and Security by Design
• Product and Supplier Risk Assessment
• Vulnerability and Patch Management
• Secure Coding Practices and Analysis
• Vulnerability Scanning and Third-Party Testing
• Access Controls appropriate to Customer Data
• Incident Response
• Clear paths for two-way communication between customers and dbWatch.

If you would like to report a potential product related privacy or security issue (incident,
breach or vulnerability), don’t hesitate to get in touch with dbWatch by support email: support@dbwatch.com.
The purpose of this document is to detail how dbWatch security and privacy
practices have been applied to the Control Center, what you should know about
maintaining security of this product and how we can partner with you to ensure security
throughout this product’s lifecycle.

Contents

• Product Description
• Hardware Specifications
• Operating System
• Network Ports and Services
• Sensitive Data Transmitted
• Sensitive Data Stored
• Certificate infrastructure
• Crypto catalog
• Network Controls
• Encryption
• Audit Logging
• Remote Connectivity
• Disclaimer