TSE online archive - backup and provision
Purpose
The Hypersoft TSE online archive helps you to reliably fulfil your legal obligations to retain TSE data.
All TSE log files (in *.tar format) are backed up automatically.
Together with the DSFinV_K export, you can provide evidence of complete recording and signing in the event of an audit.
The archive also backs up your data in the event of a TSE change (defect, full memory, expired certificate).
Legal obligation: Retention for at least 10 years.
Special features and safety
-
Automatic backup in the background - no manual intervention required.
-
Even with several TSEs with different terms, completeness is guaranteed.
-
Defective TSE sticks: There were cases in which Swissbit sticks accepted bookings but no longer issued any data. → The online archive protects you from this, as it works independently of the stick.
-
Monitoring: Automatic test run (e.g. at the end of the month) informs support if a TSE does not provide any data.
Procedure (simplified)
Daily:
-
Export of all TSE log files to the local archive.
-
Upload the new data to the online archive (encrypted via SFTP/SSL).
Monthly:
-
Creation of a closed monthly archive.
-
Copy to TSE stick + upload to the online archive.
-
Old log files are deleted from the stick.
Subsequent licensing:
-
Existing data is also retroactively transferred to the archive
Technical basics
-
Hosting at Hetzner, certified according to ISO/IEC 27001.
-
Multiple protection: RAID, replication, additional NAS backups.
-
Access only for selected Hypersoft IT employees, GDPR-compliant.
-
Use via www.myhypersoft.de
-
→ Archive (rights-dependent).
TSE data - functions in the portal
-
Location overview with licence status, active TSE, archive size, last upload.
-
Search & filter (e.g. by location or TSE status).
-
Role-based authorisations (view archive, export, manage approvals).
-
Details per TSE: serial number, date of purchase, remaining term of certificate.
Further topics:
TSE data - exports for tests
-
Exports can be created for specific locations at any time (period selection).
-
Provision as ZIP with *.tar files.
-
Including the previous and following month in order to reliably cover examination requirements.
-
Export duration: valid for max. 30 days, after which a new export is required.
Further topics:
Cancellation / termination of use
In the event of cancellation, the archive responsibility is fully transferred back to the operator.
All data must be exported and backed up independently.
Hypersoft stores the data for a maximum of 90 days, after which automatic deletion is possible.
Note: A GoBD follow-up agreement is required in order to retain access to the portal.
Further topics: Cancellation of the TSE Online Archive
Best Practices
-
Always use the TSE online archive - protects against data loss and auditor discussions.
-
Actively point out to auditors: "All TSE data is available centrally and audit-proof in the online archive."
-
Create exports before tests and make them available for download.
-
Avoid cancellation - in-house archiving is riskier and more error-prone.
Process documentation - TSE online archive
This process description explains the exact procedure for data storage and data transfer within the TSE online archive.
The components involved are also shown.
This means that the most frequent queries from tax inspectors can already be answered - regarding the processes at the POS, data transfer, the portal and the data centre.
Commissioning
When the TSE online archive is activated for the first time, a total export of all data accumulated up to that point is created.
This export is uploaded in encrypted form to the TSE online archive and saved there as a starting stock.
Processes at the POS
With a valid licence, each connected TSE stick exports all saved log files (*.tar format) once a day.
Exports are triggered with a time delay of approx. 15 minutes after the end of day (TTA).
Not only the data of the current day is exported, but all data still available on the TSE.
In addition, TSE master data archives are written to the database approx. 1 minute after a contract is created.
Current archives
All exports are initially written to a running local archive for each TSE.
These archives are updated daily so that they always contain the complete inventory of the TSE.
If a new TSE stick is put into operation, a corresponding archive is also created for it.
Data transfer to the online archive
The current local archives are uploaded daily, within 5 hours of the TTA, in encrypted form to the TSE online archive.
Encryption takes place via SFTP and SSL.
Change of month
At the end of the month, a finalised monthly archive is created from each current archive.
This monthly archive will:
-
uploaded to the TSE online archive,
-
additionally copied to the free memory of the respective TSE stick.
-
Only then are the log files deleted from the TSE sticks.
-
A new running archive is automatically started for the new month.
TSE archive Mandatory recommendation
Thousands of Swissbit TSE sticks are used in the Hypersoft installations.
The sticks are among the most reliable solutions on the market - nevertheless, we have detected a particular defect in a small two-digit number of cases:
The stick accepts bookings correctly and confirms them, but then no longer issues any data.
The defect initially goes unnoticed and only becomes apparent during an export or an inspection.
Consequence
Without a TSE online archive (or additional manual backup), the data on this stick can no longer be exported or verified in the event of an audit.
Measures taken by Hypersoft
We have tested all of our customers' sticks remotely.
Affected customers have been informed directly and the sticks will be replaced with the support of the manufacturer.
A new Swissbit SDK (Software Development Kit) reduces the risk of this problem occurring again in the future. This SDK has already been distributed to all customers with an active support contract.
We have also implemented automatic monitoring:
A test export is carried out at the change of month.
In the event of failure, a message is immediately sent to Hypersoft support.
Recommendation
As other sources of error cannot be ruled out, we strongly recommend that all customers use the Hypersoft TSE online archive.
The archive provides reliable protection against data loss.
The majority of our customers already use this process.
Please contact your Hypersoft contact person for activation.
TSE online archive - hosting and access security
Hosting
The Hypersoft TSE online archive is operated on dedicated root servers at our hosting partner Hetzner.
The server infrastructure has multiple layers of security and fulfils the requirements for reliable, long-term data storage.
Access protection...
Access to the archive servers is only possible for selected Hypersoft employees from the IT and development departments. The authorisation management and the password guidelines comply with the current DSGVO. Further information can be found in the Hypersoft ADV (commissioned data processing), which you can download and digitally sign in the Hypersoft portal at My contracts and documents.
Information about the company Hetzner:
Link: https://www.hetzner.com/de
Hetzner GmbH is certified according to ISO/IEC 270001 , see: https://www.hetzner.com/de/unternehmen/zertifizierung/
Download the certificate at: https://www.hetzner.com/de/assets/downloads/FOX-Zertifikat.pdf
Previous certificate, download the certificate at: https://www.hetzner.com/de/pdf/FOX_Zertifikat.pdf
Link to the Hetzner homepage: About Hetzner
The certificate proves adequate security management, the security of data, the confidentiality of information and the availability of IT systems. It also confirms that safety standards are continuously improved and sustainably controlled.
The archive servers are monitored 24/7 via SNMP events in the active Hypersoft monitoring system.
Maintenance as well as troubleshooting is ensured by Hypersoft IT.
For security reasons, only one of the archive servers is accessible from the POS as well as the Hypersoft portal; the other servers replicate the data via an encrypted IP/MAC binding and are not accessible externally.
Your data is protected against loss several times over via the following systems.
-
Data mirroring per archive server via RAID
-
Replication of the archive data to further archive servers, which are also equipped with a RAID
-
Additional backups to a NAS system (Network Attached Storage)
Use TSE Online Archive
The TSE online archive can be reached at www.myhypersoft.de in the "Archives" section. Depending on the licensing and user authorisation, this menu item is displayed.
The location overview shows them all available locations. They also have an overview of the licensing, the number of TSEs, the number of active TSEs, the total size of the archive, the time of the last upload and (if available) the release status for central systems.
Note: The location list also shows their central location, which may also have TSE and need to back up their data accordingly. However, location sharing is not possible for the central location, which is why the sharing status is hidden.
Show licensing
All available sites are displayed in the TSE online archive, even if this archive has not been licensed by all sites. This way they can ensure that they have considered all locations.
TSE archives can only be uploaded with a valid licence.
Licensing details: TSE-Online-Archive Licences
Choose location
If you have a central system and manage a large number of locations, you can select the desired location via the location filter. By default, all available locations are displayed, including locations without a valid TSE Online Archive licence.
Search...
Use the "magnifying glass" icon in the title bar to activate the search and enter a search term. The table of their locations is filtered according to the search term entered and shows all hits with a yellow highlight.
You can open the submenu by clicking on the three dots in the top right-hand corner of the module TSE-Archive.
Here you can also open the Export dialogue to download TSE data for an audit.
You can also use the dialogue Location/Alias to change the internal designation of your locations so that they match your internal language usage. This change only affects the designations in our portal.
permissions
The following user authorisations are available for selection:
- Archive = main authorisation to view Hypersoft archive solutions
- TSE Archive = Here you can call up the TSE online archive and view information.
- Edit = Here you can activate or deactivate the central release.
- Export = Here you can call up the export dialogue and create and download exports.
Location details
After selecting a location, you will be taken to the location details. All TSEs ever used at this location are displayed here.
TSE status
You can further narrow down the list of TSEs per location using the "Status" filter. In the standard system, all TSEs are displayed with all their statuses.
You can choose from the following statuses:
- All: All TSEs are displayed in the list.
- Active: TSEs that are actively set up at the POS and have a valid certificate.
- Inactive: TSE that is not (no longer) in operation and may have an expired certificate.
- To be updated: The TSE status is currently updated by the POS
TSE Certificate
The TSEs from Swissbit used by Hypersoft currently have a certificate term of 5 years. After this time has elapsed, the TSE can no longer sign transactions and may no longer be used. You can also filter the list according to the validity of the certificate, so that if you have a large number of TSEs, for example, only the TSEs with an active certificate are displayed. In the column Expiry of the certificate at you can see the remaining term of each TSE.
New TSEs that have not yet been put into operation at the POS and are therefore not yet actively signing have a lifetime of 5 years, but this has nothing to do with the validity of the certificate. Only when the TSE has been put into operation at the POS is the actual remaining term of the certificate transmitted to the portal and thus also to the TSE online archive. The lifetime of a TSE also begins to expire after a cart time of approx. 5 months from manufacture, even without commissioning.
Data release for location systems
If you have a central/location system and you log into the TSE archive with a central account, you can view and export all data of the connected locations.
Depending on their legal situation, locations can also prevent the release of data to the control centre; this is set with the switch in the location details at the top right TSE data are released for the control centre.
By default, this function is activated (a data release for the head office exists), as we assume that during tax audits and the creation of TSE exports, the head office will assist in providing the data, if necessary. This setting can be adjusted by a site user at any time.
If there is no data release for a location for the Central Users, the TSE data cannot be exported. All other data can still be viewed.
The location list also shows their central location, which may also have TSE and need to back up their data accordingly. However, location sharing is not possible for the central location, which is why the sharing status is hidden.
You can open the hardware data sheet of the device management per TSE by selecting the desired TSE.
Further topics: TSEs in the device management.
The "Unit details" dialogue shows you all relevant information about the selected TSE. Among other things, the serial number, the date of purchase and the respective lifetime are displayed, i.e. the time for which the TSE certificate is still valid.
In the event of an audit, they may have to export the TSE log files at short notice for a specific location and time period and make them available to the auditor on a data stick. The Export dialogue allows you to create new exports, download existing exports and view their export history.
Create export...
You can create a new export at any time, provided you have the appropriate user authorisation.
For this purpose, please indicate the desired location as well as a time period from / to in months or years, yes according to the requirement of your audit. Use the input field Notification to to enter an e-mail address that will be notified when the export is ready for download.
The provision of data depends on the number of TSE sticks used, their booking volume, as well as the specified time period.
Then press the "Export" button to create the export order and request the provision of the data.
To be on the safe side, the exported data always includes the previous or following month of the selected period, as the upload algorithm can cause a time shift of a few days.
Notification...
If you have entered an e-mail address in the field Notification to, you will receive a message when your export is ready for download. For security reasons, this is only a notification, the download is exclusively via the TSE Online Archive using your authorisation at www.myhypersoft.de:
If your export order fails, we will also inform you by email about the incident. Please create a new export in case of an error.
The export history shows you all current and past export orders. This way, they can always check which data has already been exported and made available for audits. You can also see here when the export was generated for which location and period by which user.
Download...
Within 30 days, the exported data can be downloaded via the download icon. We create a ZIP archive which contains all *.tar files (TSE log files) unchanged.
Running time...
Exports have a validity period of 30 days. After these 30 days, no more downloads are possible for security reasons. If you want to download an export that was created more than 30 days ago, please create a new export order for the same location and period.
The remaining download runtime of the exports is shown in the column Status in days.
Cancellation of the TSE Online Archive
Further topics: Questions on change of ownership or termination of business
If you wish to cancel the TSE online archive, please note the following information:
Responsibilities...
You are responsible for keeping and archiving the log files of your TSE signature unit.
In the case of the TSE online archive, Hypersoft takes on this responsibility and redundantly backs up your data as long as you have booked this service with Hypersoft and play your part in the service delivery. In the event of termination of our service, we will transfer this responsibility back to you. You must then take care of your data and export the data from the TSE Online Archive for this purpose.
Exporting data after closing the TSE Online Archive...
Using the Export function, you can export your log files saved up to that point, download them and transfer them to a data carrier of your choice so that you have them at your disposal and can hand them over in the event of an audit.
We can either strictly reject a reference by you to Hypersoft as the storage location for your data after the end of the cooperation or, if the data is available to us, we must hand it over to bodies authorised to enforce the handover of such data.
Important information after cancellation of the TSE Online Archive...
During a subsequent check, please note the possible difficulties in assigning the log file periods, TSE sticks used, as well as the security of your data carriers. This information can only be derived from your own records. We will retain your data for approximately 90 days in the event of termination before it can be automatically deleted if necessary. Of course, you can license the TSE online archive again during this time, so that we transfer any new log files created in the meantime to your archive.
If you no longer wish to use Hypersoft with all products, please note that you should sign a GoBD follow-up agreement in order to continue to access our portal and your data.
Nevertheless, the grace period of 90 days until the retention of your TSE log files still applies.
Further topics: KassenSichV TSE safety device
Back to the overarching topic: Audit-relevant exports