IT system management

Scope of IT system management

Fellow Digitals manages IT systems through defined security controls that support the confidentiality, integrity, availability, and reliability of its platforms and services. These controls form part of the Information Security Management System (ISMS) and apply to systems within Fellow Digitals’ responsibility, in addition to security measures provided by cloud and hosting partners.

Access management

Access management controls ensure that access to systems and environments is granted, modified, and revoked in a controlled manner. Access rights are based on defined principles, such as need‑to‑know, and are supported by security measures including authentication and authorization mechanisms. This includes the application of a password policy, the controlled use of credentials, and specific attention to privileged and administrative access, supporting accountability for system use.

System integrity and vulnerability management

System integrity and vulnerability management are supported through defined processes for updates and patching. These processes help reduce exposure to known vulnerabilities and support the secure operation of systems and applications. Measures for malware protection are applied at different levels to protect systems and information against malicious software.

Environment separation

Environment separation is applied to limit risks related to development and changes. Development, test, acceptance, and production environments (DTAP/OTAP) are logically separated to reduce the risk of unintended impact on production systems or data.

Continuity and recovery

Continuity and recovery are supported through defined backup and restore measures. Backups are used to support availability of data and systems and to enable recovery in the event of incidents or disruptions, in line with continuity and resilience objectives.

Logging and monitoring

Logging and monitoring are applied to support the detection and investigation of deviations, incidents, or system failures. Relevant activities and events are logged, and access to log data is restricted to protect integrity and confidentiality. Monitoring supports timely identification of issues that may affect security or availability.

Cryptographic measures

Cryptographic measures are applied where appropriate to protect data during transport and, where relevant, during storage. This includes the use of encryption technologies to support confidentiality and protect sensitive information against unauthorized access.

Through this structured approach to IT system management, Fellow Digitals ensures that technical security controls are consistently applied, aligned with risk‑based decisions, and integrated into the broader ISMS governance framework.