Table of Contents. Page 1 of 6 (Last updated 30 July 2015)

Size: px
Start display at page:

Download "Table of Contents. Page 1 of 6 (Last updated 30 July 2015)"

Transcription

1 Table of Contents What is Connect?... 2 Physical Access Controls... 2 User Access Controls... 3 Systems Architecture... 4 Application Development... 5 Business Continuity Management... 5 Other Operational Management Controls... 5 Legal and Regulatory Compliance... 5 Terminology... 6 Page 1 of 6 (Last updated 30 July 2015)

2 Security Overview of the Connect Application This data sheet summarises the security controls for Marsh & McLennan Companies Connect Application. The content of this document is confidential, not to be released without a covering non-disclosure agreement. The data sheet should not be used after 31 July What is Connect? Connect (referred to as an 'extranet') is our global web-based tool which provides a central, easily accessible repository for information relating to the client and the work we do for them over time. It has been designed to facilitate project management and encourage relationship building through enhanced communication and collaboration with individual clients on a oneto-one basis. Connect is used by internal Marsh & McLennan Companies staff, as well as external clients and is owned by Mercer Global Operations and Systems (O&S). The Connect application is built on eroom application software that is purchased from EMC. The eroom software is internally branded as Connect. The Connect application runs on HP hardware platforms with Microsoft Windows 2008 Operating System. The front end Web server hosts the Connect application and the backend database server hosts Microsoft SQL Server 2008 and supporting databases. All server hardware is currently located in the Dallas, TX Data Center. The Connect application can be used by Marsh & McLennan Companies and external clients to host most any type of data. The data can be stored in the form of files posted to the site or in Connect objects such as databases, calendars, etc. All data posted to Connect sites is done so at the data owner s discretion. The data can include personally identifiable information or sensitive financial or business information. Data is primarily posted to the Connect site via the Web based interface. The eroom plug-in can also be installed for enhanced functionality. Data stored on the Connect File Store and the SQL databases is encrypted at rest. In addition to providing enhanced Connect functionality, the eroom Plug-in also provides enhanced security features. The Plug-in provides basic encryption, which is augmented by the use of SSL v3 via a secure URL. For example, the transmission of data to and from the Connect site is encrypted. Once authenticated to the Connect Server, a random session ID is generated to serve as a secure key for the duration of the session. A Connect Session remains in place until 30 minutes of inactivity has elapsed or the Browser Session is closed. When 30 minutes of inactivity are reached, the user will be prompted to reenter their password before proceeding. Mercer s parent company, Marsh & McLennan Companies has established information security internal controls designed to protect the confidentiality, integrity and availability of clients information. The security controls are outlined in the next sections in this document. Further information can be found in the document titled Summary of Marsh & McLennan Companies Information Security Practices. If you do not have access to this document, please contact your Client/Relationship Manager. Physical Access Controls The Connect application including client data is hosted in Marsh & McLennan Companies regional data centre located in Dallas, Texas. Page 2 of 6 (Last updated 30 July 2015)

3 Marsh & McLennan Companies Data Centre security uses multi-layered security controls. These include a secure, fenced perimeter and CCTV outside and inside the centre. CCTV images are monitored and recorded. Entry controls to both data centres and office buildings is controlled via security access card for Marsh & McLennan Companies staff and formal access control systems for recording and controlling visitor access. Equipment raised floor areas have additional access controls which includes biometric security in some cases. Network security is managed by Marsh & McLennan Companies. More information can be found in the document titled Summary of Marsh & McLennan Companies Information Security Practices. If you do not have access to this document, please contact your Marsh & McLennan Companies Client/Relationship Manager. User Access Controls User Authentication & Site Access All Connect participants are assigned their own unique user name and password, and are asked not to share this information. When the eroom Plug-in is installed, the user name and password is encrypted before being sent to the Connect Server. Once the Server has authenticated the user, a Connect site Session ID is created and passed to the Browser. (Note when using only the Browser interface, the user name and password is also encrypted by the eroom session. Use of the eroom plug-in is the recommended practice.) User accounts for a Connect site are managed by the Site Coordinator or a member of the Connect Administration Team. Coordinators notify members via invitation when they are added to a site. For non-mercer Members only, password policies are in place to force a password reset upon initial login. Passwords will expire every three months, the minimum password length is eight characters and complex passwords are required. Mercer members authenticate to Connect via their Network (Active Directory) credentials. These passwords cannot be accessed or reset by the Connect Administration Team. Both Network and Connect passwords are structured according to corporate passwords standards (length, complexity, enforced change, and prevention of re-use). Formal processes are used to control requests for system access. For non-mercer members, Connect sites provide a Password Recovery utility. All Connect login pages have a Forget your password? link. When the link is selected, the user is prompted to enter the address they used to register with the site and click the OK button. The user is then sent an message which contains a URL link to a Connect page where the user is prompted for an answer to the security question they chose, when they first accessed a Connect site, then creates a new password which allows the user to access the system again. In the event an automatic password recovery is not possible, members should first escalate the issue to their Site Coordinator. If the Site Coordinator cannot resolve the issue, it can then be escalated to the Connect Administration team. Member accounts are periodically reviewed and updated by Site Coordinators and the Connect Administration team. Mercer accounts, which are populated via an Active Directory, are automatically removed from Connect sites when the corresponding account is removed from the Active Directory. Non-Mercer accounts must be removed by the Site Coordinator in the individual Connect site, or by the Connect Team from all Connect sites. Access to Connect requires an approved Internet browser and a valid login name and password. Access to all sites requires a secure SSL v3 URL ( All Connect sites have a unique URL, but all sites can also be accessed using a single portal URL. Page 3 of 6 (Last updated 30 July 2015)

4 Connect sites also provide a logout feature. A logout button is visible in the upper right navigation. When the logout button is clicked, all temporary files and eroom plug-in settings are removed. Upon subsequent logins, the user will again be asked if they wish to use the eroom plug-in. Upon successful authentication to a Connect site, the eroom server generates a random session ID that serves as a secure key for the duration of the session. As long as activity takes place on the Connect site, the session will remain active. In the event there is no activity on the Connect site for a period of 30 minutes, the session will automatically expire. If this happens, it will be necessary to authenticate to the site again. All session information between the user computer and the server is destroyed when the browser window is closed. Access Control The Connect client and/or Marsh & McLennan Companies can limit access to a Connect site to only select team members. Once successfully authenticated into a Connect site, Access Control can also be used to control or limit access to individual items on the site. Access Control is fully implemented at the site level. Even in the unlikely event the client user account was compromised or the server is being spoofed, the server will enforce access. No matter which user is talking to the server, the user will only be able to access or modify information to which the specific logged-in user has rights - this is because the server will never allow any operation that the user does not have rights to perform. Access Control schemas are the responsibility of the site owners and coordinators. The default access control for any given items rests with the item s creator. Careful consideration should be given when determining access control levels, as there are potential ramifications to site access. The Account Locking feature locks user accounts following multiple failed login attempts. Accounts are locked after five failed login attempts within a ten minute time span. Accounts can be manually unlocked by an Administrator. Accounts are also locked after three failed attempts to recover a forgotten password. For more information, please refer to section IT and Information Security in the document titled Summary of Marsh & McLennan Companies Information Security Practices. If you do not have access to this document, please contact your Marsh & McLennan Companies Client/Relationship Manager. Systems Architecture The Marsh & McLennan Companies Connect environment consists of one physical File Store Server, three virtual Web Server, and three Application Index servers which provide the services necessary to support Connect, and an MS SQL Database Server, supporting the Connect database features. Version 7 servers reside on HP hardware running the Microsoft Windows 2008 Operating Systems. The front end Web servers host the Connect application and the backend database server hosts Microsoft SQL Server 2008 and supporting databases. All server hardware is currently located in the Dallas, TX Data Center. The HP hardware is equipped with redundant power supplies, redundant network interface cards and RAID storage devices. Each Server is located in the Dallas Data Center and supported 24 X 7 by Marsh & McLennan Companies Global Technology Infrastructure (MGTI). Page 4 of 6 (Last updated 30 July 2015)

5 Connect is a Windows application for use within Marsh & McLennan Companies. It is available via Internet connected computers with an approved Internet browser. Marsh & McLennan Companies protects its internal infrastructure through the use of multiple redundant firewalls, anti-virus on all PCs, Windows servers and gateways, with daily signature updates. Servers hosting the Connect application are managed by Marsh & McLennan Companies and are updated and patched in line with vendor recommendations. New infrastructure is configured using Marsh & McLennan Companies standard OS builds for desktop and server environments. Application Development The Connect application is based on software (eroom) that has been purchased by Mercer from EMC. As a result, Mercer does not perform Application Development for the eroom software. The eroom product does have an API (Application Program Interface) that can be used to enhance and customize the eroom product. Some customizations have been made to reflect Marsh & McLennan Companies internal branding and to present Marsh & McLennan Companies specific verbiage on site pages. All application updates are approved by a management steering committee. Changes to the live production environment are managed by Mercer s formal change control procedure. Business Continuity Management Every Marsh & McLennan Companies office is required to develop and maintain a Business Continuity Plan to ensure continued availability of essential client services. For more information, please refer to section Business Resilience and Disaster Recovery in the document titled Summary of Marsh & McLennan Companies Information Security Practices. If you do not have access to this document, please contact your Marsh & McLennan Companies Client/Relationship Manager. Other Operational Management Controls The Connect application is further protected by operational management controls that protect all of Marsh & McLennan Companies information technology systems, which include but are not limited to: Enterprise firewalls, VLANs, and layered DMZ architectures used to help protect systems from intrusion and limit the scope of any successful attack. Intrusion Detection Systems and other traffic and event correlation procedures which are implemented, maintained and monitored 24x7. Multi-tiered anti-virus and anti-spyware program which is in place for and network gateways, servers, and desktops. Anti-virus signatures are updated daily. Back-up and recovery programs to ensure the effective back-up of data and recovery of the systems in the event of a system failure or data center outage. Formal change management processes which require that all systems and configuration changes be logged, reviewed, approved and monitored. Security audits and reviews which are performed through a variety of processes including as part of annual reviews conducted by Marsh & McLennan Companies internal Audit department, and through routine risk assessments and system reviews. Legal and Regulatory Compliance The Connect Legal Notice can be viewed at the following URL: Page 5 of 6 (Last updated 30 July 2015)

6 Terminology CCTV Closed Circuit Television (CCTV) is a visual surveillance technology designed for monitoring a variety of environments and activities. eroom Plug-In The eroom Plug-in can be installed on workstations to provide enhanced functionality for Connect. These features include double click editing, drag and drop capability and Outlook synchronization. Marsh & McLennan Companies Marsh & McLennan Companies, Inc. is the premier global professional services firm providing advice and solutions in risk, strategy and human capital. Mercer is a wholly owned subsidiary of Marsh & McLennan Companies. SSL Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communications on the Internet. Page 6 of 6 (Last updated 30 July 2015)

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

SECURITY OVERVIEW FOR MY.ENDNOTE.COM. In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our

SECURITY OVERVIEW FOR MY.ENDNOTE.COM. In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our ENDNOTE ONLINE SECURITY OVERVIEW FOR MY.ENDNOTE.COM In line with commercial industry standards, Thomson Reuters employs a dedicated security team to protect our servers from attacks and other attempts

More information

Vendor Questionnaire

Vendor Questionnaire Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

Name: Position held: Company Name: Is your organisation ISO27001 accredited: Third Party Information Security Questionnaire This questionnaire is to be completed by the system administrator and by the third party hosting company if a separate company is used. Name: Position held:

More information

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data

More information

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more

More information

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Exhibit B5b South Dakota. Vendor Questions COTS Software Set Appendix C Vendor Questions Anything t Applicable should be marked NA. Vendor Questions COTS Software Set Infrastructure 1. Typically the State of South Dakota prefers to host all systems. In the event

More information

1 Introduction 2. 2 Document Disclaimer 2

1 Introduction 2. 2 Document Disclaimer 2 Important: We take great care to ensure that all parties understand and appreciate the respective responsibilities relating to an infrastructure-as-a-service or self-managed environment. This document

More information

SECURITY DOCUMENT. BetterTranslationTechnology

SECURITY DOCUMENT. BetterTranslationTechnology SECURITY DOCUMENT BetterTranslationTechnology XTM Security Document Documentation for XTM Version 6.2 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of

More information

Secure Data Hosting. Your data is our top priority.

Secure Data Hosting. Your data is our top priority. Secure Data Hosting Your data is our top priority. ESO s world-class security infrastructure is designed to provide data redundancy, security and availability while keeping sensitive HIPAA and PHI information

More information

This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.

This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive. SERVICEPOINT SECURING CLIENT DATA This document and the information contained herein are the property of and should be considered business sensitive. Copyright 2006 333 Texas Street Suite 300 Shreveport,

More information

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s Network Security Please describe the preferred connection method(s) between the PierianDx network and a healthcare organization s

More information

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0 WHITE PAPER Support for the HIPAA Security Rule RadWhere 3.0 SUMMARY This white paper is intended to assist Nuance customers who are evaluating the security aspects of the RadWhere 3.0 system as part of

More information

SHARPCLOUD SECURITY STATEMENT

SHARPCLOUD SECURITY STATEMENT SHARPCLOUD SECURITY STATEMENT Summary Provides details of the SharpCloud Security Architecture Authors: Russell Johnson and Andrew Sinclair v1.8 (December 2014) Contents Overview... 2 1. The SharpCloud

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

WhatsUp Gold v16.3 Installation and Configuration Guide

WhatsUp Gold v16.3 Installation and Configuration Guide WhatsUp Gold v16.3 Installation and Configuration Guide Contents Installing and Configuring WhatsUp Gold using WhatsUp Setup Installation Overview... 1 Overview... 1 Security considerations... 2 Standard

More information

Accessing the Media General SSL VPN

Accessing the Media General SSL VPN Launching Applications and Mapping Drives Remote Desktop Outlook Launching Web Applications Full Access VPN Note: To access the Media General VPN, anti-virus software must be installed and running on your

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

White Paper. Support for the HIPAA Security Rule PowerScribe 360

White Paper. Support for the HIPAA Security Rule PowerScribe 360 White Paper Support for the HIPAA Security Rule PowerScribe 360 2 Summary This white paper is intended to assist Nuance customers who are evaluating the security aspects of the PowerScribe 360 system as

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

Data Stored on a Windows Server Connected to a Network

Data Stored on a Windows Server Connected to a Network Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Server Connected to

More information

BOWMAN SYSTEMS SECURING CLIENT DATA

BOWMAN SYSTEMS SECURING CLIENT DATA BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered

More information

Marcum LLP MFT Guide

Marcum LLP MFT Guide MFT Guide Contents 1. Logging In...3 2. Installing the Upload Wizard...4 3. Uploading Files Using the Upload Wizard...5 4. Downloading Files Using the Upload Wizard...8 5. Frequently Asked Questions...9

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP) State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP) Document Revision History Date Version Creator Notes File Transfer Protocol Service Page 2 7/7/2011 Table of Contents

More information

FuseMail- Exchange ControlPanel Admin Guide Feb.27-14 V1.0. Exchange ControlPanel Administration Guide

FuseMail- Exchange ControlPanel Admin Guide Feb.27-14 V1.0. Exchange ControlPanel Administration Guide Exchange ControlPanel Administration Guide Table of Contents Top Level Portal Administration... 4 Signing In to Control Panel... 4 Restoring Account Password... 5 Change Account Details... 7 Viewing Account

More information

NASDAQ Web Security Entitlement Installation Guide November 13, 2007

NASDAQ Web Security Entitlement Installation Guide November 13, 2007 November 13, 2007 Table of Contents: Copyright 2006, The Nasdaq Stock Market, Inc. All rights reserved.... 2 Chapter 1 - Entitlement Overview... 3 Hardware/Software Requirements...3 NASDAQ Workstation...3

More information

Security Controls for the Autodesk 360 Managed Services

Security Controls for the Autodesk 360 Managed Services Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

SaaS Security for the Confirmit CustomerSat Software

SaaS Security for the Confirmit CustomerSat Software SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture

More information

MIGRATIONWIZ SECURITY OVERVIEW

MIGRATIONWIZ SECURITY OVERVIEW MIGRATIONWIZ SECURITY OVERVIEW Table of Contents Introduction... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Database Level Security... 4 Network Security...

More information

Background Information

Background Information User Guide 1 Background Information ********************************Disclaimer******************************************** This is a government system intended for official use only. Using this system

More information

AD Self-Service Suite for Active Directory

AD Self-Service Suite for Active Directory The Dot Net Factory AD Self-Service Suite for Active Directory Version 3.6 The Dot Net Factory, LLC. 2005-2011. All rights reserved. This guide contains proprietary information, which is protected by copyright.

More information

Virtual Cabinet Document Portal User Guide

Virtual Cabinet Document Portal User Guide Virtual Cabinet Document Portal User Guide Contents / Introduction Introduction... 2 What to expect when publishing a document... 3 Having difficulty? Troubleshooting guide.... 7 The Virtual Cabinet Document

More information

DHHS Information Technology (IT) Access Control Standard

DHHS Information Technology (IT) Access Control Standard DHHS Information Technology (IT) Access Control Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-B 1.0 Purpose and Objectives With the diversity of

More information

Active Directory Self-Service FAQ

Active Directory Self-Service FAQ Active Directory Self-Service FAQ General Information: info@cionsystems.com Online Support: support@cionsystems.com CionSystems Inc. Mailing Address: 16625 Redmond Way, Ste M106 Redmond, WA. 98052 http://www.cionsystems.com

More information

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Business ebanking - User Sign On & Set Up

Business ebanking - User Sign On & Set Up About Sign On Business ebanking has two authentication methods that reduce the risk of online identity theft: secure token authentication and out-of-band authentication. The authentication method companies

More information

Support for the HIPAA Security Rule

Support for the HIPAA Security Rule WHITE PAPER Support for the HIPAA Security Rule PowerScribe 360 Reporting v2.0 HEALTHCARE 2 SUMMARY This white paper is intended to assist Nuance customers who are evaluating the security aspects of PowerScribe

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

TIGERPAW EXCHANGE INTEGRATOR SETUP GUIDE V3.6.0 August 26, 2015

TIGERPAW EXCHANGE INTEGRATOR SETUP GUIDE V3.6.0 August 26, 2015 TIGERPAW EXCHANGE INTEGRATOR SETUP GUIDE V3.6.0 August 26, 2015 2201 Thurston Circle Bellevue, NE 68005 www.tigerpawsoftware.com Contents Tigerpaw Exchange Integrator Setup Guide v3.6.0... 1 Contents...

More information

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2 RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks

More information

White Paper. BD Assurity Linc Software Security. Overview

White Paper. BD Assurity Linc Software Security. Overview Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about

More information

HOW TO CONFIGURE SQL SERVER REPORTING SERVICES IN ORDER TO DEPLOY REPORTING SERVICES REPORTS FOR DYNAMICS GP

HOW TO CONFIGURE SQL SERVER REPORTING SERVICES IN ORDER TO DEPLOY REPORTING SERVICES REPORTS FOR DYNAMICS GP HOW TO CONFIGURE SQL SERVER REPORTING SERVICES IN ORDER TO DEPLOY REPORTING SERVICES REPORTS FOR DYNAMICS GP When you install SQL Server you have option to automatically deploy & configure SQL Server Reporting

More information

Ajera 8 Installation Guide

Ajera 8 Installation Guide Ajera 8 Installation Guide Ajera 8 Installation Guide NOTICE This documentation and the Axium software programs may only be used in accordance with the accompanying Axium Software License and Services

More information

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation. eblvd enables secure, cloud-based access to a PC or server over the Internet. Data, keyboard, mouse and display updates are transmitted over a highly compressed, encrypted stream, yielding "as good as

More information

Sophisticated Password Policy

Sophisticated Password Policy Hosted PRESENTS... Secure Your Source Code Studies show that companies of all sizes have begun adopting SaaS (Software as a Service) solutions in a faster pace as a way to implement IT services more quickly

More information

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS? What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

More information

BlackBerry Business Cloud Services. Administration Guide

BlackBerry Business Cloud Services. Administration Guide BlackBerry Business Cloud Services Administration Guide Published: 2012-07-25 SWD-20120725193410416 Contents 1 About BlackBerry Business Cloud Services... 8 BlackBerry Business Cloud Services feature overview...

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel,

More information

Vital Records Electronic Registration System (ERS-II) Technical Resource Guide and Support Procedures

Vital Records Electronic Registration System (ERS-II) Technical Resource Guide and Support Procedures Vital Records Electronic Registration System (ERS-II) Technical Resource Guide and Support Procedures Vital Records Support Line: (402) 471-8275 Frequently Asked Questions Problem: User cannot access the

More information

USER GUIDE: MaaS360 Services

USER GUIDE: MaaS360 Services USER GUIDE: MaaS360 Services 05.2010 Copyright 2010 Fiberlink Corporation. All rights reserved. Information in this document is subject to change without notice. The software described in this document

More information

MAC Web Based VPN Connectivity Details and Instructions

MAC Web Based VPN Connectivity Details and Instructions MAC Web Based VPN Connectivity Details and Instructions UMDNJ s Web-based VPN utilizes an SSL Based Cisco Application that provides VPN functionality without having to install a full client for end users

More information

Security Whitepaper: ivvy Products

Security Whitepaper: ivvy Products Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security

More information

Installing and Configuring Microsoft Dynamics Outlook Plugin to Use with ipipeline MS CRM

Installing and Configuring Microsoft Dynamics Outlook Plugin to Use with ipipeline MS CRM Installing and Configuring Microsoft Dynamics Outlook Plugin to Use with ipipeline MS CRM Downloading 1. Download zip file for your version of Outlook (32-bit or 64-bit) and save to computer. (This is

More information

Setting Up Scan to SMB on TaskALFA series MFP s.

Setting Up Scan to SMB on TaskALFA series MFP s. Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and

More information

FormFire Application and IT Security. White Paper

FormFire Application and IT Security. White Paper FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development

More information

RL Solutions Hosting Service Level Agreement

RL Solutions Hosting Service Level Agreement RL Solutions Hosting Service Level Agreement April 2012 Table of Contents I. Context and Scope... 1 II. Defined Terms... 1 III. RL Solutions Responsibilities... 2 IV. Client Responsibilities... 4 V. The

More information

SecureAnywhereTM Web Security Service

SecureAnywhereTM Web Security Service SecureAnywhereTM Web Security Service This document provides a general overview of the Webroot SecureAnywhere Web Security Service Partner Management Portal. Webroot Partners such as Managed Service Providers

More information

Virto Password Reset Web Part for SharePoint. Release 3.1.0. Installation and User Guide

Virto Password Reset Web Part for SharePoint. Release 3.1.0. Installation and User Guide Virto Password Reset Web Part for SharePoint Release 3.1.0 Installation and User Guide 2 Table of Contents OVERVIEW... 3 SYSTEM REQUIREMENTS... 3 OPERATING SYSTEM... 3 SERVER... 3 BROWSER... 4 INSTALLATION...

More information

How To Secure An Emr-Link System Architecture

How To Secure An Emr-Link System Architecture EMR-Link Security Administration Guide Introduction This guide provides an overview of the security measures built into EMR-Link, and how your organization s security policies can be implemented with these

More information

GTS Software Pty Ltd. Remote Desktop Services

GTS Software Pty Ltd. Remote Desktop Services GTS Software Pty Ltd Remote Desktop Services Secure web access to GTS Software applications CONTENTS Overview... 2 What GTS can provide with Remote Desktop Services... 2 Main Features... 3 RD Web Access...

More information

GiftWrap 4.0 Security FAQ

GiftWrap 4.0 Security FAQ GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels

More information

USER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION. www.pesa.com August 2014 Phone: 256.726.9200. Publication: 81-9059-0703-0, Rev. C

USER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION. www.pesa.com August 2014 Phone: 256.726.9200. Publication: 81-9059-0703-0, Rev. C USER GUIDE WEB-BASED SYSTEM CONTROL APPLICATION Publication: 81-9059-0703-0, Rev. C www.pesa.com Phone: 256.726.9200 Thank You for Choosing PESA!! We appreciate your confidence in our products. PESA produces

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server

More information

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control

More information

NATIONAL SECURITY AGENCY Ft. George G. Meade, MD

NATIONAL SECURITY AGENCY Ft. George G. Meade, MD NATIONAL SECURITY AGENCY Ft. George G. Meade, MD Serial: I732-010R-2008 30 April 2008 Network Infrastructure Division Systems and Network Analysis Center Activating Authentication and Encryption for Cisco

More information

owncloud Architecture Overview

owncloud Architecture Overview owncloud Architecture Overview Time to get control back Employees are using cloud-based services to share sensitive company data with vendors, customers, partners and each other. They are syncing data

More information

CONTENTS. Security Policy

CONTENTS. Security Policy CONTENTS PHYSICAL SECURITY (UK) PHYSICAL SECURITY (CHICAGO) PHYSICAL SECURITY (PHOENIX) PHYSICAL SECURITY (SINGAPORE) SYSTEM SECURITY INFRASTRUCTURE Vendor software updates Security first policy CUSTOMER

More information

ManageEngine ADSelfService Plus. Evaluator s Guide

ManageEngine ADSelfService Plus. Evaluator s Guide ManageEngine ADSelfService Plus Evaluator s Guide Table of Contents Document Summary:...3 ADSelfService Plus Overview:...3 Core Features & Benefits:...4 ADSelfService Plus Architecture:...5 Admin Portal:...

More information

Security, Audit, and e-signature Administrator Console v1.2.x

Security, Audit, and e-signature Administrator Console v1.2.x Security, Audit, and e-signature Administrator Console v1.2.x USER GUIDE SAE Admin Console for use with: QuantStudio Design and Analysis desktop Software Publication Number MAN0010410 Revision A.0 For

More information

FileMaker Security Guide The Key to Securing Your Apps

FileMaker Security Guide The Key to Securing Your Apps FileMaker Security Guide The Key to Securing Your Apps Table of Contents Overview... 3 Configuring Security Within FileMaker Pro or FileMaker Pro Advanced... 5 Prompt for Password... 5 Give the Admin Account

More information

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0 White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative

More information

How To Use Egnyte

How To Use Egnyte INTRODUCING ON DEMAND FILE SERVER FROM BT WHOLESALE APPLICATION STORE WHAT IS ON DEMAND FILE SERVER? The three most common technology challenges facing every small business are data storage, information

More information

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012 SafeGuard Enterprise Web Helpdesk Product version: 6 Document date: February 2012 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Helpdesk

More information

JapanCert 専 門 IT 認 証 試 験 問 題 集 提 供 者

JapanCert 専 門 IT 認 証 試 験 問 題 集 提 供 者 JapanCert 専 門 IT 認 証 試 験 問 題 集 提 供 者 http://www.japancert.com 1 年 で 無 料 進 級 することに 提 供 する Exam : 70-643 Title : Windows Server 2008 Applications Infrastructure, Configuring Vendors : Microsoft Version :

More information

RFG Secure FTP. Web Interface

RFG Secure FTP. Web Interface RFG Secure FTP Web Interface Step 1: Getting to the Secure FTP Web Interface: Open your preferred web browser and type the following address: http://ftp.raddon.com After you hit enter, you will be taken

More information

Use of Exchange Mail and Diary Service Code of Practice

Use of Exchange Mail and Diary Service Code of Practice Use of Exchange Mail and Diary Service Code of Practice Introduction This code of practice outlines the support mechanisms in place for the security of the Exchange mail and diary service. References are

More information

System Security Plan University of Texas Health Science Center School of Public Health

System Security Plan University of Texas Health Science Center School of Public Health System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many

More information

The Security Behind Sticky Password

The Security Behind Sticky Password The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and

More information

Cherwell Software Hosted Environment. www.creekpointe.com info@creekpointe.com 864.297.4959 +1 800.613.1426

Cherwell Software Hosted Environment. www.creekpointe.com info@creekpointe.com 864.297.4959 +1 800.613.1426 Cherwell Software Hosted Environment Cherwell Software, LLC ( Cherwell ) provides an efficient, expedient, and secure hosted environment so that customers are guaranteed exceptional performance and reliability.

More information

Mobile Admin Security

Mobile Admin Security Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing

More information

1 Outlook Web Access. 1.1 Outlook Web Access (OWA) Foundation IT Written approximately Dec 2010

1 Outlook Web Access. 1.1 Outlook Web Access (OWA) Foundation IT Written approximately Dec 2010 Foundation IT Written approximately Dec 2010 1 Outlook Web Access With the new version of Exchange 2010 Outlook Anywhere has been enabled and configured with a secure socket layer (SSL) certificate from

More information

OneLogin Integration User Guide

OneLogin Integration User Guide OneLogin Integration User Guide Table of Contents OneLogin Account Setup... 2 Create Account with OneLogin... 2 Setup Application with OneLogin... 2 Setup Required in OneLogin: SSO and AD Connector...

More information

Group Management Server User Guide

Group Management Server User Guide Group Management Server User Guide Table of Contents Getting Started... 3 About... 3 Terminology... 3 Group Management Server is Installed what do I do next?... 4 Installing a License... 4 Configuring

More information

Installation Guide for Pulse on Windows Server 2012

Installation Guide for Pulse on Windows Server 2012 MadCap Software Installation Guide for Pulse on Windows Server 2012 Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software

More information

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active

More information

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide BlackBerry Enterprise Service 10 Universal Service Version: 10.2 Administration Guide Published: 2015-02-24 SWD-20150223125016631 Contents 1 Introduction...9 About this guide...10 What is BlackBerry

More information

How To Use Irecruit Software

How To Use Irecruit Software irecruit is a hosted SaaS (Software as a Service), cloud-based recruiting software designed to provide any size of business a cost effective, affordable and way to manage the recruiting process online.

More information