The unique PMG security concept

Hosted in Germany. Multiple certifications, fully encrypted and protected by multi-factor authentication if required.

How we guarantee security

Data protection and compliance

Security begins with people. That is why all PMG employees are bound by data protection regulations (Art. 29 GDPR) and a non-disclosure obligation.

German data center

Our PMG cloud stores your files on redundant server clusters in spatially separate data centers with ISO 27001 and IT baseline protection certification from the German Federal Office for Information Security. Daily backups offer additional protection.

AES-256 encryption

Encrypted transmission of data is supported by TLS 1.2 with Forward Security. Storage is also encrypted (AES-256).

Multi-level security system

Our numerous security measures include DDoS protection, a virus scanner that is always up-to-date, hardened server systems, regular vulnerability scans (PCI-DSS-compliant) and multi-level firewalls.

Granular rights management

Our PMG cloud provides you with comprehensive rights management. You allocate specific rights to individuals, groups, or roles. Clear rights reports document the status and can be viewed transparently.

Audit-compliant logging

All user activities are logged ready for audit. Our cloud also creates a checksum (hash) for every file as its unique identification. Files (including all their versions) are not deleted, but simply blocked. All data is always seamlessly available to you.

Penetration tests

We arrange for the security of our system to be checked at regular intervals by independent penetration tests. The test uses OWASP criteria, among other things.

Security audit

At regular intervals, we review the security measures of our service providers and subcontractors. All partners are contractually obligated to meet the same high security and data protection standards as PMG.

Multi-factor authentication

The entire range of 2-factor authentication options is available to you for a secure login: SMS-TAN, Google Authenticator, Mail-TAN and FIDO2.

OAuth 2.0 (Open Authorization 2) Federation Services

If you do not want PMG to save passwords for authentication, simply connect your internal user administration of an active directory (AD) with PMG. Your employees can then log in as usual.

Software hosted in Germany

Our software and all the data in the system are hosted in data centers in Germany and never sent abroad, except at the express request of the client.

The hosting agreement is governed exclusively by German law, in particular German data protection law, the German Civil Code, and the German Commercial Code.

Companies awarded the SOFTWARE HOSTED IN GERMANY seal submit the current standard of their technical and organizational measures in relation to data protection to BITMi e.V.