This chapter describes the operational procedures of the ecrop platform and the measures taken to ensure smooth, secure, and efficient operations. It provides detailed information on the processes, responsibilities, and tools essential for the seamless functioning of the platform.

Platform Management

Platform management encompasses all activities necessary for the secure and efficient operation of the ecrop platform. This includes the following areas:
  • User Management: User management covers the creation, modification, and deletion of user accounts, the assignment of roles and permissions according to the role concept, the management of user groups and profiles, and self-service functions for users, such as password resets.
  • Configuration: Configuration management includes managing platform settings such as notifications, API limits, and security policies, as well as managing system parameters and configurations. Configuration is performed through a user-friendly interface and stored securely in a configuration management system. Infrastructure-as-Code (IaC) is used for automated provisioning and configuration of the infrastructure.
  • System Monitoring: Monitoring involves the continuous monitoring of all systems and applications to ensure availability, performance, and security. Monitoring tools such as Prometheus, Grafana, and CloudWatch are employed. Automated notifications and alerts are generated for critical events.

Security Management

Security management encompasses all measures to protect the ecrop platform from threats. It includes the following areas:
  • Access Controls: Stringent access controls are implemented at all levels (network, application, data). These controls include role-based access control (RBAC) and multi-factor authentication (MFA). Access rights are regularly reviewed and updated. All access attempts and security events are logged.
  • Key Management: Secure key generation, storage, rotation, and recovery processes are implemented. Hardware Security Modules (HSMs) are used for offline storage of private keys. Multi-level access controls and encryption protect keys.
  • Incident Response: A defined process is in place for handling security incidents and disruptions. This includes clear roles and responsibilities within the Incident Response Team, escalation paths, communication guidelines, and regular training and drills for the team. ecrop GmbH utilizes a ticketing system (Jira Service Management) for incident management and documentation.
  • Vulnerability Management: Continuous vulnerability analysis and assessment are performed. Regular security reviews and penetration tests are conducted. Vulnerabilities are remediated promptly according to a defined process. A vulnerability management tool is used for tracking, prioritizing, and managing vulnerabilities.
  • Data Backup and Recovery: Regular and automated backups of all critical data and systems are performed. Backups are stored securely at an offsite location. Tested recovery processes are in place to restore data in case of emergencies. ecrop GmbH employs various backup and recovery mechanisms, including snapshots, backups, and replication, to ensure data and system restoration in the event of a disaster.
  • Disaster Recovery and Business Continuity: ecrop GmbH has a comprehensive disaster recovery and business continuity plan (BCP) to ensure business continuity in the event of major disruptions or disasters. These plans are regularly reviewed and updated.
  • Compliance and Audit: ecrop GmbH ensures that operations comply with regulatory requirements and that compliance guidelines are adhered to. Regular audits are conducted by internal and external auditors.