Intershop recognizes that clients entrusting their business to our platform involves important considerations regarding risk, security, and operational continuity. While Intershop's Disaster Recovery (DR) plans and Business Continuity Management (BCM) strategy are based on industry best practices and follow an ISO 27001-based information security framework, they cover company-wide operations and are not specific to individual client environments. However, we want to assure our clients that our platform and internal processes are designed, implemented, and regularly audited (including against ISO 27001) to protect your interests, in line with Intershop's core goals of providing a leading e-commerce platform.
This document outlines how Intershop’s internal processes for hosting and supporting the Intershop Commerce Platform are defined and implemented to address the risks and disaster scenarios outlined in Intershop’s DR plans and BCM for mission-critical services, and to ensure the continuous Confidentiality, Integrity, and Availability (CIA) of the platform and the client data within it.
A common question that Intershop receives from clients is what our Disaster Recovery (DR) plans and Business Continuity Management are. These questions are the result of clients' own internal processes, such as:
Technical specification assessment or challenges
Vendor due-diligence, compliance and regulatory assessments
Risk assessment
Vendor evaluation
The objective of this document is to give clients a starting point on how Intershop approaches DR and BCM in relation to the systems that Intershop hosts and manages for them, specifically how Intershop manages the availability and confidentiality of the Intershop Commerce Platform.
This document serves as a resource:
For clients to use as input for defining and evaluating their own risks and DR plans, based on the information on how Intershop hosts and manages the Intershop Commerce Platform.
For finding KBs that provide technical guides, configurations, specifications, and cookbooks related to:
The availability of the Intershop Commerce Platform and client data.
The confidentiality of the Intershop Commerce Platform and client data.
For understanding how Security Incident Management is structured within Intershop, including:
Client communication channels.
Incidents reported by clients.
Incidents reported internally or by 3rd parties.
Overview of internal escalation channels and processes.
Reporting and notification timelines.
This document does not provide a comprehensive list of:
Disaster scenarios that affect Intershop as a whole.
Disaster scenarios that affect the Intershop Commerce Platform.
Risks that arise when clients use the Intershop Commerce Platform.
Tasks, processes, or plans that Intershop has defined and are in place to address a disaster.
Info:
Certain domain areas have defined names and terminology for topics, concepts or processes. This section lists certain established definitions to ensure that the correct and consistent terminology is used, and to remove ambiguity in discussion between domain experts.
Any identified problem, concern, or question that requires attention, investigation, or action.
It may not immediately disrupt service or processes, but could potentially lead to incidents or affect performance if unaddressed.
Issues can include known errors, process gaps, user complaints, or potential risks.
Info:
All client problems with the Intershop Commerce Platform are treated as issues and handled as daily operational tasks.
Should clients detect or observe an issue with their Intershop Commerce Platform, they are requested to open a service ticket as defined here: https://service.intershop.com/csm/en/faq-how-to-use-our-service-portal?id=kb_article_view&sys_kb_id=78bd1885c3e7b5501264d42f0501315f#mcetoc_1hkol3rrh2
All issues are investigated for cause and resolution options, and the resolution is implemented immediately.
Issues that do not offer an immediate fix or resolution are escalated internally as an Incident or Security Incident.
Any unplanned interruption or reduction in the quality of an Intershop Commerce Platform, the cause of which could be internal (Intershop) or external (e.g. Microsoft Azure).
Can refer to hardware failures, software bugs, network outages, or user errors.
Not always related to security; it could be operational, technical, or functional.
A specific type of incident that threatens the confidentiality, integrity, or availability of information or information systems. This can be specific to a single client within the Intershop Commerce Platform; the whole Intershop Commerce Platform; or Intershop in general.
Examples include unauthorised access, data breaches, malware infections, or denial-of-service attacks.
Always has a security impact or risk—even if no damage has occurred yet.
The process or set of practices for identifying, recording, analyzing, and resolving incidents.
Aims to restore normal service operation as quickly as possible and minimize business impact.
Covers all types of incidents, including both general and security incidents, using standardized procedures.
Info:
Client issues rated above medium impact are treated as security incidents and escalated to Intershop’s Security and Compliance teams, since they may need extra coordination, documentation, and possibly authority notification.
Lower-impact issues are handled through normal daily operations, with escalation channels available if needed.
A disaster is an incident that has a major implication on whether Intershop can continue operating as a business.
A (significant/major) problem in a client environment is not a disaster; normal Intershop incident reporting and support processes are to be followed.
Intershop understands that selecting our platform involves careful consideration of specific risks and concerns. To give you confidence in your decision, our approach is grounded in due diligence, thorough risk assessment, and industry best practices to safeguard the confidentiality, integrity, and availability (CIA) of the Intershop Commerce Platform.
In this context, we understand that your core questions are:
How is the availability of the platform and your data ensured?
How is the confidentiality of your data protected on or within the platform?
How is the integrity of your data and transactions maintained?
The following sections provide detailed answers to these important questions.
To effectively manage potential risks and uphold the highest standards of security, Intershop has established comprehensive internal processes and clearly defined responsibilities. We identify and assess risks relevant to our platform, and implement robust Technical and Organisational Measures (TOMs) to address them. These measures are specifically designed to protect the confidentiality, integrity, and availability (CIA) of your data and services.
The following section outlines the key risks and the controls we have in place for each CIA pillar:
Potential Risks
Internal issues within Intershop operations or infrastructure.
Service disruptions or outages at Microsoft Azure (our cloud infrastructure provider).
Application issues, whether from the standard platform or client-specific customisations.
Technical and Organisational Measures (TOMs)
Redundancy: All critical system components within the client’s production environment are fully redundant to minimize single points of failure.
Multi-Factor Authentication (MFA): Required for access to all internal administrative portals to prevent unauthorized access.
Vulnerability and Patch Management: Ongoing management and timely patching of the core Intershop Commerce Platform to address known vulnerabilities (note: client customizations are not included).
SLA Alignment with All Vendors: Service Level Agreements (SLAs) are established with all vendors, specifically with Microsoft Azure, and our internal cloud operations processes are aligned accordingly.
Monitoring and Alerting: Comprehensive monitoring and alerting tools operate from multiple geographic locations to detect and respond to issues rapidly.
Backup and Recovery Processes: Comprehensive backup and recovery plans exist for essential components, including shared file services and databases, to ensure data availability in case of incidents.
Automated Recovery: Containerized workloads are automatically recovered in the event of failure, ensuring minimal downtime.
Backup Availability Zones (AZ): Backups are made to backup availability zones, if necessary, to ensure failover protection. They are geo-redundant and within AZ.
Automated Deployments: Deployment processes are automated to reduce the risk of human error during rollouts and updates.
Environment Isolation: Development and test environments are logically separated from production environments to prevent cross-environment impact.
Access Control Lists (ACLs) and IP Restrictions: Strict ACLs and IP address restrictions are enforced to limit access to critical systems.
VPN-Secured Channels: Administrative access is only permitted through VPN-secured channels for enhanced security.
Audit Logging and Alerting: All administrative and critical activities are logged, with alerts configured for unauthorized or suspicious activity.
Platform availability is usually defined in your contract.
The Recovery Time Objective/Recovery Point Objective (RTO/RPO) are defined within the “Service Description” section/document (DE/EN).
Potential Risks
Data Integrity Breach: Corruption or inconsistency due to system failure or application error
Data Loss: Accidental deletion or disaster-related loss of information
Unauthorized Access: Compromise of data confidentiality due to external or internal actors
Mitigation Measures in Place
Standardized Platform Architecture: Uniform design and deployment practices reduce complexity and errors
IP Whitelisting: Access to environments is restricted to authorized IP ranges only
Segregated Environments: Production, test, and development environments are logically and physically separated
Automated Backup and Restore Processes: Regular, geo-redundant backups with defined restoration workflows
Access Controls: Role-based access, VPN, and audit logging to restrict and monitor user access
Potential Risks
Unauthorized Access: Compromise of data confidentiality by external attackers or internal actors.
Data Loss: Accidental deletion, disaster-related loss, or unauthorized data exfiltration.
Data Integrity Breach: Data corruption or inconsistency due to system failure, application error, or malicious activity.
Technical and Organizational Measures (TOMs)
Standardized Platform Architecture: Uniform design and deployment practices reduce complexity and the risk of misconfiguration, helping to prevent unauthorized access.
IP Whitelisting: Access to platform back-end is restricted to authorized IP ranges, reducing exposure to unauthorized parties.
Segregated Environments: Production, test, and development environments are logically and physically separated to prevent unauthorized access or data leakage between environments, including other clients.
Automated Backup and Restore Processes: Regular, geo-redundant backups with defined restoration workflows help prevent data loss and unauthorized access to backup data.
Access Controls: Role-based access control (RBAC), enforced VPN requirements for administrative access, and audit logging restrict and monitor user access to sensitive data.
Multi-Factor Authentication (MFA): Required for access to all internal administrative portals to prevent unauthorized access.
Access Control Lists (ACLs) and IP Restrictions: Strict ACLs and IP address restrictions are enforced to limit access to critical systems.
VPN-Secured Channels: Administrative access is only permitted through VPN-secured channels for enhanced security.
Audit Logging and Alerting: All access and administrative actions are logged and monitored, with alerts for any unauthorized or suspicious activity.
Environment Isolation: Logical separation of development, test, and production environments prevents unauthorized cross-environment access.
Backup and Recovery Processes: Backup plans include controls to ensure only authorized personnel can access and restore backup data.
Potential Risks
Data Corruption: Unintentional or malicious modification of data due to system failures, application errors, or unauthorized actions.
Unauthorized Changes: Alteration of data, configurations, or system components by unauthorized users or processes.
Incomplete or Inconsistent Data: Errors during data transfer, backup, or restore operations leading to missing or inconsistent information.
Technical and Organizational Measures (TOMs)
Standardized Platform Architecture: Consistent design and deployment practices help prevent configuration drift and reduce the risk of data corruption or unauthorized changes.
Segregated Environments: Logical and physical separation of production, test, and development environments ensures changes are tested before being deployed to production, minimizing the risk of introducing errors.
Automated Deployments: Automated deployment processes reduce the risk of human error and ensure that only validated changes are introduced to production systems.
Access Controls: Role-based access control (RBAC) ensures that only authorized personnel can modify critical data or system configurations.
Audit Logging and Alerting: Comprehensive logging of user and system activities, with real-time alerts for unauthorized or suspicious changes, supports the detection and investigation of integrity-related incidents.
Vulnerability and Patch Management: Ongoing management and timely patching of the core Intershop Commerce Platform to address known vulnerabilities (note: client customizations are not included).
Automated Backup and Restore Processes: Regular, geo-redundant backups with tested restoration workflows ensure that data can be recovered to a known good state in case of corruption or loss.
Backup and Recovery Processes: Clearly defined procedures for restoring shared file services and databases help ensure data consistency and completeness after an incident.
Monitoring and Alerting: Continuous monitoring of system health and data integrity, with alerts for anomalies or integrity violations.
Environment Isolation: Logical separation of environments ensures that changes in non-production environments cannot affect production data integrity.
| Topic area or Article title | Link | Relevance to CIA |
|---|---|---|
| How to contact Intershop Service | | Confidentiality, Integrity, Availability |
| How to request a restore of the platform / database | | Integrity |
| Recovery Time Objectives (RTO) and RPO | See your Intershop Commerce Platform - Service Description (DE/EN) | Availability |
Support Portal Usage
The Intershop Support Portal shall be used for all ticket-based communication.
Responsible staff, including Engineers and Service Managers, will manage tickets.
Emergency contacts must be notified when required.
See How to add Emergency Contacts to the Intershop Service Portal for guidance.
General Issue Communication
General issues will be published as “Important Information” in the Service Portal.
Clients will also receive updates through the Intershop Newsletter via email.
Major Incidents & Disaster Classification
A major incident is classified as a disaster if it impacts Intershop’s business operations.
In such cases, Intershop will follow the procedures established in the Security Incident Reporting & Response Process.
Intershop is committed to maintaining the confidentiality, integrity, and availability of the Intershop Commerce Platform, and has dedicated significant resources to these goals. However, there are inherent limitations to what Intershop can guarantee, and certain responsibilities that fall outside our direct control.
A subset of these limitations that is relevant to this document is listed below.
Cloud Infrastructure Availability:
The availability of the platform is dependent on the Service Level Agreement (SLA) established between Intershop and our cloud infrastructure provider, Microsoft Azure. While we align our operations with Azure’s standards and strive for high availability, ultimate uptime is subject to the terms and performance of Azure as our infrastructure partner.
Client Responsibility to Remain Current:
Clients are responsible for keeping their platform environments up to date, including applying relevant updates, patches, and recommended configurations provided by Intershop. Failure to do so may expose the platform to risks that are beyond Intershop’s control.
Client Customizations:
The Intershop Commerce Platform allows extensive customization to meet specific business needs. However, any customizations implemented by the client or third parties are outside the scope of Intershop’s direct responsibility. This includes custom code, integrations, and configurations.
Vulnerabilities in Customizations:
Security vulnerabilities or operational issues introduced through client-specific customizations, extensions, or third-party integrations are the responsibility of the client. Intershop does not guarantee the security, integrity, or availability of custom elements not delivered or maintained by Intershop.
For detailed terms and conditions regarding support and responsibilities, please refer to the following documents:
A.5.1 Policies for Information Security: Establishment and communication of security policies and responsibilities.
A.5.23 Information Security in Supplier Relationships: Management of third-party (Azure) relationships and SLAs.
A.5.30 ICT Readiness for Business Continuity: Measures for backup, recovery, and continuity of platform services.
A.5.34 Information Security Incident Management: Incident identification, response, and recovery processes.
A.5.35 Information Security in Project Management: Security considerations in platform development, deployment, and client customizations.
A.6.2 Information Security Awareness, Education, and Training: Ensuring staff are aware of and trained in security and incident management processes.
A.8.1 User Endpoint Devices: Controls over administrative access, including VPN and MFA.
A.8.2 Privileged Access Rights: Role-based access control (RBAC) and least privilege principles.
A.8.3 Information Access Restriction: Use of ACLs, IP whitelisting, and environment isolation.
A.8.4 Access to Source Code: (If applicable) Restriction and monitoring of access to platform code.
A.8.7 Protection Against Malware: Patch management and vulnerability management.
A.8.8 Management of Technical Vulnerabilities: Regular vulnerability scanning and patching.
A.8.9 Configuration Management: Standardized architecture, automated deployments, and environment segregation.
A.8.10 Information Deletion: Backup and restore procedures, including deletion and recovery.
A.8.11 Data Masking and Encryption: (If implemented) Encryption and protection of data at rest and in transit.
A.8.12 Logging and Monitoring: Audit logging, monitoring, and alerting for unauthorized activity.
A.8.14 Security of Network Services: VPN-secured channels and network access controls.
A.8.16 Monitoring Activities: Continuous monitoring of system health and security events.