Security and Data Center Overview

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Security and Data Center Overview"

Transcription

1 Security and Data Center Overview September, 2012 For more information, please contact: Matt McKinney x 7201 Canadian Web Hosting (www.canadianwebhosting.com) is an independent company, hereinafter referred to as CWH. This document includes data that shall not be disclosed and shall not be duplicated, used or disclosed in whole or in part for any purpose other than to evaluate Canadian Web Hosting s services. If, however, a contract is awarded to the offeror as a result of, or in connection with, the submission of this data, client shall have the right to duplicate, use or disclose the data to the extent provided in the resulting contract. This restriction does not limit designated client right to use the information contained in this document if it is obtained from another source without restriction. All data contained herein is subject to this restriction. Please note that all offerings contained in this proposal are valid for ninety (90) days after the date of submission.

2 The rising risks of attacks, increased complexity when do occur and the escalating costs of protecting your systems again them, many companies are turning to Canadian Web Hosting as a valued partner in helping to protect their systems from attackers while helping to reduce the costs required for enterprise security. As a SSAE 16 Type II provider, our entire service offering utilizes industry leading security tools and best practices to ensure our clients servers and systems are protected. Our primary goal is to minimize exposure to common threats, identify and assess system and application vulnerabilities and provide continuous 24/7 monitoring, management and response. More importantly, today s security technologies are expensive and constantly changing. Just trying to keep up your equipment and software will require significant IT spend out of your budget and that doesn t event account for the personnel needed to maintain those technologies. With Canadian Web Hosting you will benefit from a strategic approach to security concerns and a wide spectrum of security services that create a complete security program. This document describes our physical security at each of our data centers as well as an overview of available security services to augment your security infrastructure. Physical Security As an SSAE 16 Type II provider, one of the most significant components of our security infrastructure is our compliance against data center physical security best practices. Each of our data center locations utilize the following best practices and physical security features. Built and Constructed for Ensuring Physical Protection The exterior perimeter walls, doors, and windows are constructed of materials that provide Underwriters Laboratories Inc. (UL) rated ballistic protection. Protection of the Physical Grounds The data center should have in place physical elements that serve as a physical protection barrier that protect the facility from intruders. Bullet Resistant Glass Certain areas within the data center, such as the lobby area and other entrance mechanisms, are protected by bullet proof or bullet resistant glass. Security Systems and 24x7 Backup Power

3 The data center's security systems are functioning at all times, complete with uninterruptible power supply (UPS) for ensuring its continuous operation. Cages, Cabinets and Vaults These physical structures which house equipment must be properly installed with no loose or moving components, ultimately ensuring their overall strength and rigidity. Man Trap All data centers have a man trap that allows for secure access to the data center "floor". Electronic Access Control Systems (ACS) Access to all entry points into and within the data center are protected by electronic access control mechanisms which allow only authorized individuals to enter the facility. Included within the framework of electronic access control should also be biometric safeguards, such as palm readers, iris recognition, and fingerprint readers. Provisioning Process Any individual requesting access to the data center are enrolled in a structured and documented provisioning process for ensuring the integrity of the person entering the facility. Off-boarding Process Personnel working for the data center or clients utilizing the facility services must be immediately removed from systems that have allowed access to the facility itself. This includes all electronic access control mechanism along with removal of all systems, databases, Web portals, or any other type of sign-in mechanism that requires authentication and authorization activities. Visitors All visitors must be properly identified with a current, valid form of identification and must be given a temporary facility badge allowing access to certain areas within the data center. This process must be documented in a ticketing system also. Alarms All exterior doors and sensitive areas within the facility must be hard wired with alarms. 3

4 Cameras The facility has a mixture of security cameras in place throughout all critical areas, both inside and out, of the data center. This includes the following cameras: Fixed and pan, tilt, and zoom (PTZ) cameras. "Threat Conditions Policy" Each location has a "threat conditions policy" in place whereby employees and customers are made aware of changes in the threat. Badge and Equipment Checks Periodic checks are done on employees and customers to verify badge access and equipment ownership. Local Law Enforcement Agencies Management has documented contact information for all local law enforcement officials in the case of an emergency. Paper Shredding A third-party contractor is utilized for shredding documents on-site, then removing them from the facility, all in a documented fashion, complete with sign-off each time shredding is done. Data Center Security Staff These individuals must perform a host of duties on a daily basis, such as monitor intrusion security alarm systems; dispatch mobile security officers to emergencies; monitoring to prevent unauthorized access, such as tailgating; assist all individuals who have authorized access to enter the data center; controlling access to the data center by confirming identity; issue and retrieve access badges; respond to telephone and radio communications. 4

5 Additionally, they should also conduct the following activities: Response and resolution to security alarms; customer assistance for cage lockouts and escorts; scheduled and unscheduled security inspections; enforcement of no food or drinks on the raised floor area; Enforcement of no unauthorized photography policy; fire and safety patrol inspections. Physical Security Features Specific to each location, we also utilize several additional security processes that enhance the above best practices. This includes, but is not limited to, the following: Access to sensitive areas within the data center is controlled with an electromagnetic badge and/or biometric access system that is maintained, administered and controlled by physical security or operations personnel Visitors must be prescheduled seventy-two (72) hours in advance and present a valid photo ID or and be preauthorized to gain admittance to datacenter facilities To gain access to secured raised floor area, visitors (and documented employee) must sign in and be escorted by authorized data center personnel Monitored through surveillance cameras, CCTV and regular patrols by security and operations personnel 24 hours per day, seven days per week Areas housing critical IT infrastructure are protected by a two-door access control system 5

6 Management maintains documented security policies and procedures to guide employees activities for controlling and monitoring physical access to and within the facility Digital surveillance cameras monitor and record physical access to and within the facility Video backups of surveillance activity for a minimum of 30 days A dual challenged badge access system that requires an access card and personal identification number (PIN) is used to control access and movement within the facility. This system logs facility access and is available for review purposes. Biometric fingerprint scanning is used to control access to the data center, telecom and power rooms Combination or key locks and biometric scanners must be used to access server/network equipment 6

7 Enterprise Security Services Canadian Web Hosting offers a wide range of security services to keep our clients secure. Our security solutions focus on protection across the network, safeguarding the perimeter, critical internal asses, data, remote users, and most importantly customers. As a company, we are constantly improving our security posture in real-time. All of our services start with robust antivirus, anti-spam and anti-malware tools and from there we tailor our security services platform around specific client requirements. Whether you are just looking to support your existing security infrastructure or to actively manage components of your security environment, we have both the experience and tools necessary to keep your data secure. Canadian Web Hosting s security services include: Managed IPS / IDS Full lifecycle management and 24x7 monitoring of network Intrusion Prevention or Detection Systems including use of industry leading HP Tipping Point IPS and Juniper Threat Management Gateway devices. Firewall Management Full lifecycle implementation and management of firewall including 24x7 monitoring of Firewall appliances. Each firewall can be seamlessly integrated into existing IT architecture and can be adjusted to change ongoing security needs. We utilize and offer systems from Cisco, Juniper, Watchguard, Checkpoint, as well as virtual solutions from Microsoft and Juniper. Web Application Firewall and Scanning Full lifecycle management and 24x7 monitoring Web Application Firewalls keeps your applications running smoothly while meeting ongoing corporate governance requirements. This includes URL filtering, Web content filtering and Web policy enforcement to protect against inbound and outbound Web-borne threats. We offer industry leading applications from Applicure, Incapsula and Cloudflare. Log Monitoring 24x7 real-time analysis of logs and alerts from security devices, network infrastructure, servers and other key assets by certified security experts. Log Retention Collection, archival, search and reporting of raw log data from devices, network infrastructure, servers and other log sources. 7

8 Vulnerability Management Internal and external vulnerability scanning managed by security experts to identify and remediate exposures. Security Service Protection against inbound and outbound threats, spam filtering, archival and policybased encryption including enterprise ready tools from Barracuda. Network-based DDOS Mitigation Quickly address attacks, and minimize overall downtime as well as any potential costs of bandwidth spikes that often accompany such attacks. Cloud Security Services As clients integrate into the client, we deliver expert guidance and services to help you manage the security, risk and compliance concerns of Cloud services and deployments. Security and Risk Consulting On occasion our clients need something more. Canadian Web Hosting can provide expertise, processes and services to help you improve security, comply with regulations and manage risk. IP and Threat Management Canadian Web Hosting utilizes industry leading technology from ThreatSTOP to protect our customers IPs and enhance our network-based firewalls to minimize malicious IPs from entering the network. 8

9 SAS70 Certified Canadian Web Hosting is SAS 70 Type II and CICA 5970 Type B certified and successfully demonstrated that our procedures and controls have been tested by an eligible 3 rd party. The SAS 70 Type II and CICA 5970 Type B audit provide assurances that Canadian Web Hosting customers are in secure, reliable and effective operating environments that have the proper controls for Internet operations and highly available IT services. This includes datacentre security, customer security, data storage, access and security. Data Centre Locations Listed below are the two locations that have been audited and are SAS70 Type II certified, and meet all physical security requirements. Toronto (151 Front) Secondary Location 151 Front Street Toronto, ON M5J 2N1, Canada Vancouver B.C. Primary Location 555 West Hastings Street Vancouver, BC V6B 4N5, Canada 9

10 Peering Peering is at the heart of CWH s bandwidth backbone. Through CWH s bandwidth provider, we have access to peering relationships with over 500 networks and multiple Tier 1 upstream providers so that CWH and our Clients get continued high performance, reduced latency, and lowered costs resulting in the most rewarding hosting experience of any provider. 24x7x365 NOC Support Our data centres are monitored 24x7x365, while engineers and data centre personnel keep the facilities running smoothly. CWH also has around-the-clock access to phone and online support. Regulated Climate Control Heating Ventilation Air Conditioning (HVAC) systems have full particle filtering and humidity control. The climate within each of the data centre is maintained according to ASHRAE Guidelines. This ensures mission-critical dedicated server and hardware is functioning at its best. Climate Control Systems at 151 Front Street, Toronto, Data Centre 10

11 Redundant Power Just in Case The data centre doesn t just rely on the local power grid to guarantee around-the-clock power as some providers. On-site diesel-powered generators and uninterruptible power systems (UPS) deliver redundant power if a critical incident occurs. This ensures all operations are uninterrupted and dedicated servers remain online. Infrastructure is regularly tested to perform as designed in the event of an emergency. Secured Power Control Panels at 151 Front Street, Toronto, Data Centre 11

TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1

TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1 TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1 Table of Contents 1. Operational Security 2. Physical Security 3. Network

More information

Understanding Sage CRM Cloud

Understanding Sage CRM Cloud Understanding Sage CRM Cloud Data centre and platform security whitepaper Document version 2016 Table of Contents 1.0 Introduction 3 2.0 Sage CRM Cloud Data centre Infrastructure 4 2.1 Site location 4

More information

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active

More information

vcloud SERVICE Virtual Tech in partnership with Equinix - vcloud Service

vcloud SERVICE Virtual Tech in partnership with Equinix - vcloud Service vcloud SERVICES vcloud SERVICE Virtual Tech offers competitive pricing on vcloud hosted services at our world class Tier 4 data centre facility fully equipped with redundant power, cooling, internet connectivity

More information

Powering the Cloud Desktop: OS33 Data Centers

Powering the Cloud Desktop: OS33 Data Centers OS33 Data Centers info@os33.com (866) 796-0310 www.os33.com It is hard to overstate the importance of security and uptime, which is why we obsess over making sure that your corporate information assets

More information

Hosted Testing and Grading

Hosted Testing and Grading Hosted Testing and Grading Technical White Paper July 2014 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

SITECATALYST SECURITY

SITECATALYST SECURITY SITECATALYST SECURITY Ensuring the Security of Client Data June 6, 2008 Version 2.0 CHAPTER 1 1 Omniture Security The availability, integrity and confidentiality of client data is of paramount importance

More information

Enterprise Backup Overview Protecting Your Most Important Asset

Enterprise Backup Overview Protecting Your Most Important Asset Enterprise Backup Overview Protecting Your Most Important Asset For more information, please contact: Email: sales@canadianwebhosting.com Phone: 888-821-7888 Canadian Web Hosting (www.canadianwebhosting.com)

More information

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Secure, Scalable and Reliable Cloud Analytics from FusionOps White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...

More information

Tenzing Security Services and Best Practices

Tenzing Security Services and Best Practices Tenzing Security Services and Best Practices OVERVIEW Security is about managing risks and threats to your environment. The most basic security protection is achieved by pro-actively monitoring and intercepting

More information

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification Publication

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013

SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013 SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013 TABLE OF CONTENTS SECTION I: INDEPENDENT PRACTITIONERS TRUST SERVICES

More information

KeyLock Solutions Security and Privacy Protection Practices

KeyLock Solutions Security and Privacy Protection Practices KeyLock Solutions Overview KeyLock Solutions hosts its infrastructure at Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout

More information

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,

More information

800 319 5581 800 319 5582 Fax www.protectmyministry.com www.mobilizemyministry.com

800 319 5581 800 319 5582 Fax www.protectmyministry.com www.mobilizemyministry.com 800 319 5581 800 319 5582 Fax www.protectmyministry.com www.mobilizemyministry.com Protect My Ministry websites including www.ministryopportunities.org have the following SSL Certificates and protection:

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

NeuStar Ultra Services Physical Security Overview

NeuStar Ultra Services Physical Security Overview NeuStar Ultra Services Physical Security Overview Mission-critical network operations must have the highest standards of quality, security and reliability. NeuStar Ultra Services currently locates its

More information

KEEN - Reliable Infrastructure, Built to Last

KEEN - Reliable Infrastructure, Built to Last KEEN - Reliable Infrastructure, Built to Last 2 KEEN--Reliable Infrastructure, Built to Last A strong network infrastructure is the underpinning of the Knowledge Elements Education Network (KEEN). It is

More information

NetSuite Data Center Fact Sheet

NetSuite Data Center Fact Sheet NetSuite Data Center Fact Sheet Enterprise-Class Data Management, Security, Performance and Availability NetSuite is the world s largest cloud ERP vendor, supporting over 20,000 organizations, processing

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

StratusLIVE for Fundraisers Cloud Operations

StratusLIVE for Fundraisers Cloud Operations 6465 College Park Square Virginia Beach, VA 23464 757-273-8219 (main) 757-962-6989 (fax) stratuslive.com Contents Security Services... 3 Rackspace Multi Layered Approach to Security... 3 Network... 3 Rackspace

More information

CA Cloud Overview Benefits of the Hyper-V Cloud

CA Cloud Overview Benefits of the Hyper-V Cloud Benefits of the Hyper-V Cloud For more information, please contact: Email: sales@canadianwebhosting.com Ph: 888-821-7888 Canadian Web Hosting (www.canadianwebhosting.com) is an independent company, hereinafter

More information

SAS 70 Type II Audits

SAS 70 Type II Audits Thinking from IntraLinks SAS 70 Type II Audits SAS 70 Type II Audits Ensuring Data Security, Reliability and Integrity If your organization shares sensitive data over the Internet, you need rigorous controls

More information

SOC 2 Report Seattle, WA (SEF)

SOC 2 Report Seattle, WA (SEF) SOC 2 Report Seattle, WA (SEF) October 1, 2013 January 31, 2014 Independent Service Auditor s Report INTERNAP NETWORK SERVICES CORPORATION Company-Controlled Data Center Services Type 2 Report on Controls

More information

ProjectManager.com Security White Paper

ProjectManager.com Security White Paper ProjectManager.com Security White Paper Standards & Practices www.projectmanager.com Introduction ProjectManager.com (PM) developed its Security Framework to continue to provide a level of security for

More information

Independent Service Auditor s Report

Independent Service Auditor s Report Independent Service Auditor s Report Microsoft Corporation Global Foundation Services Independent SOC 3 Report for the Security and Availability Trust Principle for Microsoft GFS 1 Independent Service

More information

BEST PRACTICES FOR COMMERCIAL COMPLIANCE

BEST PRACTICES FOR COMMERCIAL COMPLIANCE BEST PRACTICES FOR COMMERCIAL COMPLIANCE [ BEST PRACTICES FOR COMMERCIAL COMPLIANCE ] 2 Contents OVERVIEW... 3 Health Insurance Portability and Accountability Act (HIPAA) of 1996... 4 Sarbanes-Oxley Act

More information

GMS GRAPHICAL MANAGEMENT SYSTEM

GMS GRAPHICAL MANAGEMENT SYSTEM GMS GRAPHICAL MANAGEMENT SYSTEM 1 GMS The integrated security management system for multi-site organizations. Pacom s Graphical Management System (GMS) is the modular client-server application that integrates

More information

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES SOX COMPLIANCE Achieving SOX Compliance with Professional Services The Sarbanes-Oxley (SOX)

More information

Current IBAT Endorsed Services

Current IBAT Endorsed Services Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network

More information

System Security Plan University of Texas Health Science Center School of Public Health

System Security Plan University of Texas Health Science Center School of Public Health System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many

More information

Achieving SOX Compliance with Masergy Security Professional Services

Achieving SOX Compliance with Masergy Security Professional Services Achieving SOX Compliance with Masergy Security Professional Services The Sarbanes-Oxley (SOX) Act, also known as the Public Company Accounting Reform and Investor Protection Act of 2002 (and commonly called

More information

Small Business IT Risk Assessment

Small Business IT Risk Assessment Small Business IT Risk Assessment Company name: Completed by: Date: Where Do I Begin? A risk assessment is an important step in protecting your customers, employees, and your business, and well as complying

More information

Frankfurt Data Centre Overview

Frankfurt Data Centre Overview Technical Services Briefing Document Frankfurt Data Centre Overview Version 2.1 Contents Introduction... 3 TelecityGroup Data Centre in Frankfurt... 4 Data Centre Characteristics... 4 Technologies in Use

More information

Autodesk PLM 360 Security Whitepaper

Autodesk PLM 360 Security Whitepaper Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

SUPPLIER SECURITY STANDARD

SUPPLIER SECURITY STANDARD SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard

More information

IBM Connections Cloud Security

IBM Connections Cloud Security IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application

More information

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security

More information

Enterprise level security, the Huddle way.

Enterprise level security, the Huddle way. Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network

More information

System Security. Your data security is always our top priority

System Security. Your data security is always our top priority Your data security is always our top priority Data security is an important factor for every client, our continued investment in the latest technology methods and world class data centres show our commitment

More information

Altus UC Security Overview

Altus UC Security Overview Altus UC Security Overview Description Document Version D2.3 TABLE OF CONTENTS Network and Services Security 1. OVERVIEW... 1 2. PHYSICAL SECURITY... 1 2.1 FACILITY... 1 ENVIRONMENTAL SAFEGUARDS... 1 ACCESS...

More information

UCS Level 2 Report Issued to

UCS Level 2 Report Issued to UCS Level 2 Report Issued to MSPAlliance Unified Certification Standard (UCS) Report Copyright 2014 www.mspalliance.com/ucs info@mspalliance.com Welcome to the UCS report which stands for Unified Certification

More information

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which

More information

DATA SECURITY POLICY. Data Security Policy

DATA SECURITY POLICY. Data Security Policy Data Security Policy Contents 1. Introduction 3 2. Purpose 4 3. Data Protection 4 4. Customer Authentication 4 5. Physical Security 5 6. Access Control 6 7. Network Security 6 8. Software Security 7 9.

More information

SECURITY OVERVIEW FOR MY.ENDNOTE.COM. In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our

SECURITY OVERVIEW FOR MY.ENDNOTE.COM. In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our ENDNOTE ONLINE SECURITY OVERVIEW FOR MY.ENDNOTE.COM In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our servers from attacks and other attempts

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture

More information

Qvidian Hosted Customer Technical Portfolio

Qvidian Hosted Customer Technical Portfolio Introduction The presents a description of Qvidian s Software as a Service (SaaS) deployment model, providing information on the Qvidian architecture and security practices. This document includes descriptions

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

Enterprise Security Model in SAS Environment

Enterprise Security Model in SAS Environment Enterprise Security Model in SAS Environment WHITE PAPER Enterprise Security Model in SAS Environment Emerging internet threats coupled with strict compliance requirements of banks, financial institutions,

More information

Security from a customer s perspective. Halogen s approach to security

Security from a customer s perspective. Halogen s approach to security September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving

More information

SECTION I: REPORT OF INDEPENDENT SERVICE AUDITORS... 3 SECTION II: MANAGEMENT OF INTERNAP NETWORK SERVICES CORPORATION'S ASSERTION 5

SECTION I: REPORT OF INDEPENDENT SERVICE AUDITORS... 3 SECTION II: MANAGEMENT OF INTERNAP NETWORK SERVICES CORPORATION'S ASSERTION 5 SOC 2 - Availability Report on Internap Network Services Corporation's Description of its SEF Company-Controlled Data Center System and Suitability of Design and Operating of Controls Throughout the Period

More information

Itron Cloud Services Offering

Itron Cloud Services Offering Itron Cloud Services Offering WHITE PAPER TABLE OF CONTENTS Introduction... 3 Types of Services... 3 Software as a Service (SaaS)...3 Managed Services...3 On-site Managed Services...3 Benefits... 3 Infrastructure...

More information

Tenzing Security Services and Best Practices

Tenzing Security Services and Best Practices Tenzing Security Services and Best Practices OVERVIEW Security is about managing risks and threats to your environment. The most basic security protection is achieved by pro-actively monitoring and intercepting

More information

MAG DATACENTERS, LLC ( FORTRUST ) Service Organization Controls 3

MAG DATACENTERS, LLC ( FORTRUST ) Service Organization Controls 3 MAG DATACENTERS, LLC ( FORTRUST ) Service Organization Controls 3 Report on FORTRUST s Enterprise Data Center and Colocation Services System Relevant to Security and Availability For the Period October

More information

Birst Security and Reliability

Birst Security and Reliability Birst Security and Reliability Birst is Dedicated to Safeguarding Your Information 2 Birst is Dedicated to Safeguarding Your Information To protect the privacy of its customers and the safety of their

More information

SaaS architecture security

SaaS architecture security Introduction i2o solutions utilise the software as a service (or SaaS) model because it enables us to provide our customers with a robust, easy to use software platform that facilitates the rapid deployment

More information

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing Netop Environment Security Unified security to all Netop products while leveraging the benefits of cloud computing Contents Introduction... 2 AWS Infrastructure Security... 3 Standards - Compliancy...

More information

IBM Global Technology Services Preemptive security products and services

IBM Global Technology Services Preemptive security products and services IBM Global Technology Services Preemptive security products and services Providing protection ahead of the threat Today, security threats to your organization leave little margin for error. To consistently

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

Music Recording Studio Security Program Security Assessment Version 1.1

Music Recording Studio Security Program Security Assessment Version 1.1 Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND

More information

Audit and Assurance Committee. Date: 16 June 2015. Contactless Security Controls Update. This paper will be considered in public.

Audit and Assurance Committee. Date: 16 June 2015. Contactless Security Controls Update. This paper will be considered in public. Audit and Assurance Committee Date: 16 June 2015 Item: Contactless Security Controls Update This paper will be considered in public 1 Summary 1.1 The use of Contactless Payment Cards to pay for travel

More information

CALNET 3 Category 7 Network Based Management Security. Table of Contents

CALNET 3 Category 7 Network Based Management Security. Table of Contents State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2

More information

CONTENTS. Security Policy

CONTENTS. Security Policy CONTENTS PHYSICAL SECURITY (UK) PHYSICAL SECURITY (CHICAGO) PHYSICAL SECURITY (PHOENIX) PHYSICAL SECURITY (SINGAPORE) SYSTEM SECURITY INFRASTRUCTURE Vendor software updates Security first policy CUSTOMER

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

GOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS

GOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS GOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS A White Paper by i2c, Inc. 1300 Island Drive Suite 105 Redwood City, CA 94065 USA +1 650-593-5400 sales@i2cinc.com www.i2cinc.com Table of

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Brochure Achieving security with cloud data protection. Autonomy LiveVault

Brochure Achieving security with cloud data protection. Autonomy LiveVault Achieving security with cloud data protection Autonomy LiveVault Can cloud backup be secure? Today, more and more companies recognize the value and convenience of using cloud backup to protect their server

More information

Modular Network Security. Tyler Carter, McAfee Network Security

Modular Network Security. Tyler Carter, McAfee Network Security Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution

More information

Making the leap to the cloud: IS my data private and secure?

Making the leap to the cloud: IS my data private and secure? Making the leap to the cloud: IS my data private and secure? tax & accounting MAKING THE LEAP TO THE CLOUD: IS MY DATA PRIVATE AND SECURE? Cloud computing: What s in it for me? The more you know about

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

DIR Contract Number DIR-TSO-2621 Appendix C Pricing Index

DIR Contract Number DIR-TSO-2621 Appendix C Pricing Index DIR Contract Number DIR-TSO-2621 Appendix C Index CenturyLink Technology s offers Tier 3 Cloud services: Public Cloud, Private Cloud and Hybrid Cloud provided over our Tier One network. We own and operate

More information

Content Index. 1. General... 3. 2. Location and Building... 4. 3. Telecommunication Feeds... 6. 4. Electric Power... 7. 5. Climate Control...

Content Index. 1. General... 3. 2. Location and Building... 4. 3. Telecommunication Feeds... 6. 4. Electric Power... 7. 5. Climate Control... Content Index 1. General... 3 2. Location and Building... 4 3. Telecommunication Feeds... 6 4. Electric Power... 7 5. Climate Control... 8 6. Safety and Security... 9 7. Internal Procedures... 11 General

More information

Print4 Solutions fully comply with all HIPAA regulations

Print4 Solutions fully comply with all HIPAA regulations HIPAA Compliance Print4 Solutions fully comply with all HIPAA regulations Print4 solutions do not access, store, process, monitor, or manage any patient information. Print4 manages and optimize printer

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

Security Whitepaper: ivvy Products

Security Whitepaper: ivvy Products Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security

More information

SOC 1 (SSAE NO. 16) TYPE 2 REPORT ON CONTROLS PLACED IN OPERATION FOR DATA CENTER SERVICES BROADRIVER INC. AUGUST 1, 2014 TO JULY 31, 2015

SOC 1 (SSAE NO. 16) TYPE 2 REPORT ON CONTROLS PLACED IN OPERATION FOR DATA CENTER SERVICES BROADRIVER INC. AUGUST 1, 2014 TO JULY 31, 2015 SOC 1 (SSAE NO. 16) TYPE 2 REPORT ON CONTROLS PLACED IN OPERATION FOR DATA CENTER SERVICES BROADRIVER INC. AUGUST 1, 2014 TO JULY 31, 2015 BROADRIVER INC. Table of Contents SECTION 1: INDEPENDENT SERVICE

More information

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD

PROTECTING YOUR VOICE SYSTEM IN THE CLOUD PROTECTING YOUR VOICE SYSTEM IN THE CLOUD Every enterprise deserves to know what its vendors are doing to protect the data and systems entrusted to them. Leading IVR vendors in the cloud, like Angel, consider

More information

Security Controls for the Autodesk 360 Managed Services

Security Controls for the Autodesk 360 Managed Services Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices

More information

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security

More information

YubiCloud OTP Validation Service. Version 1.2

YubiCloud OTP Validation Service. Version 1.2 YubiCloud OTP Validation Service Version 1.2 5/12/2015 Introduction Disclaimer Yubico is the leading provider of simple, open online identity protection. The company s flagship product, the YubiKey, uniquely

More information

Contents Error! Bookmark not defined. Error! Bookmark not defined. Error! Bookmark not defined.

Contents Error! Bookmark not defined. Error! Bookmark not defined. Error! Bookmark not defined. We Do It Better. Contents Introduction...3 Service and Support...3 Data Center Details...4 Security...4 Location...4 Power...4 Humidification...5 AC...5 Cooling...6 Datacenter Features...6 SAS 70...6 PCI

More information

7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS

7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS 7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS ExecutiveBrief P a g e 1 Executive Brief 7 Questions You Need to Ask Before Choosing a Colocation Facility for Your Business Choosing

More information

Global ediscovery Client Data Security. Managed technology for the global legal profession

Global ediscovery Client Data Security. Managed technology for the global legal profession Global ediscovery Client Data Security Managed technology for the global legal profession Epiq Systems is a global leader in providing fully integrated technology products and services for ediscovery and

More information

twilio cloud communications SECURITY ARCHITECTURE

twilio cloud communications SECURITY ARCHITECTURE twilio cloud communications SECURITY ARCHITECTURE July 2014 twilio.com Security is a lingering concern for many businesses that want to take advantage of the flexibility and ease of cloud services. Businesses

More information

IBM Internet Security Systems products and services

IBM Internet Security Systems products and services Delivering preemptive security products and services IBM Internet Security Systems products and services Highlights Helps protect critical assets and reduce costs by preempting online threats Helps secure

More information

custom hosting for how you do business

custom hosting for how you do business custom hosting for how you do business 24775 League Island Boulevard Philadelphia PA 19112 gibraltarit.com 866.410.4427 Gibraltar s replicated cloud architecture and PCI/HIPAA compliant data centers provide

More information

Lot 1 Service Specification MANAGED SECURITY SERVICES

Lot 1 Service Specification MANAGED SECURITY SERVICES Lot 1 Service Specification MANAGED SECURITY SERVICES Fujitsu Services Limited, 2013 OVERVIEW OF FUJITSU MANAGED SECURITY SERVICES Fujitsu delivers a comprehensive range of information security services

More information

Famly ApS: Overview of Security Processes

Famly ApS: Overview of Security Processes Famly ApS: Overview of Security Processes October 2015 Please consult http://famly.co for the latest version of this paper Page 1 of 10 Table of Contents 1. INTRODUCTION TO SECURITY AT FAMLY... 3 2. PHYSICAL

More information

Security April 2015. Solving the data security challenge with our enhanced private and hybrid cloud services

Security April 2015. Solving the data security challenge with our enhanced private and hybrid cloud services Security April 2015 Secure cloud solutions with guaranteed UK data sovereignty. Solving the data security challenge with our enhanced private and hybrid cloud services This paper enables discussion around

More information

State of Texas. TEX-AN Next Generation. NNI Plan

State of Texas. TEX-AN Next Generation. NNI Plan State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...

More information

AL RAFEE ENTERPRISES Solutions & Expertise.

AL RAFEE ENTERPRISES Solutions & Expertise. AL RAFEE ENTERPRISES Solutions & Expertise. Virtualization Al Rafee has strategically made substantial investment in building up a large end to end portfolio of Virtualization across the entire IT infrastructure

More information