Security – FAQ Certificates and legal validity Security measures for threat scenarios Encryption methods and procedures Start now > Contact To what extent is the system accessible or fail-safe? Which encryption and signature methods are supported? Are the servers operated by POLYAS? Can you name the ISO27001 certificates of your service providers? How does POLYAS ensure that online voting is secure? Is voting with POLYAS secure? What certificates does POLYAS hold? How does the encryption of votes in the database work? Is the POLYAS voting system legal? How does POLYAS ensure the availability of the servers? Do you perform hacker tests or security audits? How to ensure empty ballot boxes when the voting starts? How long is the POLYAS token? How is the integrity of the POLYAS electoral system guaranteed? How frequent is the backup of the election data? Which threat scenarios does POLYAS take into account? What are Common Criteria (CC)? Can the certification report or the certificate be viewed publicly? What does it mean to “seal the election”? How does POLYAS eliminate security threats? Which SSL version is used? Which TLS version is used? Is there a mechanism to prevent brute force attacks? What is rate limiting? Is there a monitoring to register to targeted attacks? What external reviews have been performed? What is the difference between the token and the session cookie? Are the electoral roll and the ballot box kept separate? Are the servers operated in Germany? Is the transmission channel for voting encrypted?