Initial Certification: 02/2017
Accellence Technologies GmbH proved that its IT product “vimacc” facilitates its privacy compliant use. vimacc is a video management software that provides for true end-to-end encryption. Users of vimacc are controllers in respect of the processing of personal data that results from the use of their respective video surveillance systems which are managed by vimacc. They are provided with guidance on how to comply with EU data protection law in a data protection leaflet and can be sure to act in compliance with EU data protection law if they follow this guidance.
Product/Version
vimacc version 2.2 – video management software
Qualification: IT product
Cert. No.
EP-P-9NXYPZ
Version of Certification Criteria
11/2011 (95/46/EC)
Gültigkeit
10/02/2017 until 28/02/2019
Public report
vimacc Short Public Report(PDF) 
Manufacturer/Provider
Accellence Technologies GmbH
Garbsener Landstr. 10
30419 Hannover
Deutschland
BEST
vimacc enables true end-to-end encryption within a video surveillance system. Video streams may be encrypted within the camera already when making use of the vimac encryption module as recommended by the manufacturer. Furthermore, Accellence Technologies provides the users of vimacc with information on privacy relevant matters in an exemplary manner by means of a data protection leaflet.
ATTENTION:
vimacc facilitates its privacy compliant use and may contribute to the legitimate implementation of a video surveillance system. However, the use of vimacc alone does not guarantee in itself that a video surveillance system complies with EU data protection law. Rather, the legitimacy of the video surveillance system needs to be evaluated separately on a case by case basis by the operator of the video surveillance system (i.e. the user of vimacc).
Summary
vimacc is a professional video management software. With vimacc a user can stream and store information from video surveillance cameras. All video data is encrypted during transfer and at rest. It is encrypted either in the camera or in the first software interface of vimacc. Accellence Technologies advices the users of vimacc that the highest level of confidentiality and integrity is achived if they make use of cameras that allow for the installation of the vimacc encryption module directly on the camera and thus for real end-to-end encryption.
For the encryption of video data, vimacc makes use of a hybrid solution of RSA and AES encryption. In order to decrypt the encrypted video data, the users of vimacc must utilise a hardware dongle with a private decryption key.
vimacc offers a comprehensive way of managing users and access rights to its users. Furthermore, it comes with a data protection friendly option that allows for the pixelating of areas forming part of a video recording. The data protection leaflet that users of vimacc are provided with informs them about privacy relevant matters in an exemplary manner. It even contains a checklist which the users can work through when planning the deployment of a video surveillance system.
Details
The target of evaluation (ToE) of the EuroPriSe certification is the software vimacc v2.2 which is configured by Accellence Technologies to run under the following restrictions:
- end-to-end encryption is activated and cannot be deactivated by an administrator of the system;
- the whole internal communication is encrypted;
- audio streams are deactivated and cannot be activated;
- the integrated http server is deactivated (not part of the ToE);
- the integrated RTSP server is deactivated (not part of the ToE);
- the integrated FTP uploader is deactivated (not part of the ToE);
- the password policies are set as delivered and cannot be deactivated, though passwords that are even stronger than is required by the default settings can be defined and used;
- any export of video streams must be encrypted and protected by passwords with defined strong policies concerning their complexity; and
- the vimacc control interface must not be set to “VIMACC_CONTROL_INTERFACE_ALL=true” which would grant full access to the system.
It must be stressed that customers of Accellence Technologies who make use of the ToE are not able to change the privacy relevant configuration elements listed above autonomously.
Further information can be found in the short public report that is available here.
Technical Evaluator
Andreas Bethke
Papenbergallee 34
25548 Kellinghusen
Deutschland
bethke@europrise-expert.com
Legal Evaluator
Stephan Hansen-Oest
Im Tal 10a
24939 Flensburg
Deutschland
sh@hansen-oest.com
Formerly Certified Versions
n.a.