Level I - Public. Technical Portfolio. Revised: July 2015

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Level I - Public. Technical Portfolio. Revised: July 2015"

Transcription

1 Level I - Public Technical Portfolio Revised: July 2015

2 Table of Contents 1. INTRODUCTION About Imaginatik Taking Information Security Seriously 3 2. DATA CENTER SECURITY Data Center Requirements Business Continuity and Backup Physical Security Environmental Controls Fire Suppression Power Management 4 3. SYSTEM DESIGN Security Infrastructure Performance Virus Protection and Patching System Monitoring Change Management 6 4. SECURITY MANAGEMENT Security Framework Regulations Dedicated Information Security Officer User Authentication and Data Security System Access Management Legal Requirements 7

3

4 1. Introduction 1.1 About Imaginatik Imaginatik is the leading provider of innovation management solutions to the world s top organizations. Since 1996 Imaginatik has deployed hundreds of software installations with our proprietary innovation technology, Innovation Central. This platform helps harness an organization s creative minds and helps them collaborate to solve its most pressing issues. As such, Imaginatik is well-versed in managing top-level ideas that will become the next big competitive advantages for an organization. This document provides details about the security practices at Imaginatik that makes this idea management possible. To discover what Imaginatik can do for your organization visit. 1.2 Taking Information Security Seriously Imaginatik regards Information as a major corporate asset, which is to be protected and safeguarded in the same way as more tangible assets such as cash and other forms of intrinsic value. Information and the supporting processes, systems and networks are important business assets. Both the information and the technology are subject to various threats that, if realized, could result in direct financial loss to Imaginatik and its customers. At Imaginatik we have established strong security controls to prevent this. 2. Data Center Security 2.1 Data Center Requirements Imaginatik only uses data centers that are capable of meeting our customers stringent requirements. The data centers that we use are hosted in the US and the UK by organizations that are regularly audited and are either SOC-2 type II certified, SSAE 16 type II (formerly SAS 70) attested or ISO27001:2005 and ISO 9001:2008 certified. These provide us with network connectivity and dedicated servers ensuring that your data is held securely, enabling you to meet any compliance issues you may face in regards to audits your security team may otherwise require. The following is an example of some of the areas tested, examined and documented during the certification audits: Data Control, Security, Environmental Controls, Fire Suppression, UPS and Diesel Generator Backup, Physical Access Controls, Human Resource and Personnel Controls, Infrastructure, Bandwidth.

5 Our US data center is also Safe Harbor compliant. 2.2 Business Continuity and Backup Imaginatik has two data center providers, which allows us many options when it comes to disaster recovery. Daily off-site backups ensure that we have the ability to recover and rebuild customer environments even in the event of total loss of one data center. Interruptions to our service are extremely rare, most commonly being caused by network issues between the customer network and the Imaginatik data center concerned. In the event of a problem affecting a customer server, we will do everything possible to recover the service as quickly as possible. If this takes longer than a few minutes, the customer concerned will be notified and kept informed until normal service is resumed. If the service interruption looks likely to be extended then we will start to restore the existing environment on a server in the other data center. This will then normally be available for use within 72 hours of the disaster, although the annual Disaster Recovery test consistently shows restoration could be 24 hours, or less. The data used will be no more than one day out of date. 2.3 Physical Security The entire data center is monitored 24x7 by security cameras and on-site staff. Cameras are positioned at every entrance, each and every rack isle and customer cage areas. All security cameras are recorded. Card access controls, biometric identification and security guards are also in place to prevent unauthorized access. 2.4 Environmental Controls Indoor cooling systems provide precise, reliable control of the data center temperature, humidity, and airflow that improves operating conditions for sensitive electronic equipment. 2.5 Fire Suppression To prevent accidental sprinkler discharge, the data center is equipped with a zoned, dry-pipe, pre-action sprinkler system that requires two or more sensors to activate. 2.6 Power Management The US data center building is served by three ultra reliable underground grids configured in a spot network that allows any one grid to drop without interruption to the building power supply. An uninterruptible power supply (UPS) is maintained that insures against short-term interruptions of power. UPS's also regulate the quality of power so that all equipment receives constant line voltage.

6 The UK data center gets its power from dual independent power feeds, backed up by dual battery string Uninterrupted Power Supplies (UPS) systems (deployed as standard). It also features 6 x DELPHYS MX 3 phase 500 kva UPS from Socomec, providing fault tolerant architecture with built in N+1 redundancy. Put simply, if the world were to end, the data centers could still function for another 2 days! 3. SYSTEM DESIGN 3.1 Security Infrastructure Imaginatik offers a very comprehensive platform that makes use of the latest security features including: Continuous Availability - All customer environments use clustered servers with automatic failover, so that any outage on one server won t cause an interruption to your service. Optimized Performance - We make extensive use of load balancers to ensure consistently fast response times especially during peak usage. Network Security - Our networks are protected by powerful firewalls configured to follow industry best practices for network ingress/egress security. We also implement intrusion detection / prevention systems to protect our service. Advanced Content Distribution A huge network of over 95,000 servers deployed worldwide provide a secure, fast and reliable path to our data centers, ensuring that you get the fastest possible response times wherever your users are located. In addition, a monitoring system analyzes all activities on servers and triggers notifications to our engineers to quickly assess and respond to any service disruption issues or other events. Powerful encryption is utilized ensuring data within Innovation Central is protected both in transit and rest. 3.2 Performance Service availability for Innovation Central is an impressive 99.9%, excluding scheduled maintenance periods. We measure end-to-end response times not just as measured in our data centers, but right out to the end user on your network. Our target is to have key pages in Innovation Central load in less than two seconds on average. Our technology allows us to identify those customers whose networks are most in need of improvement, compared to those customers who are achieving very fast response times. This improves participation and enables those customers to get better results from their challenges.

7 3.3 Virus Protection and Patching Virus protection is enabled on all servers and is updated on a daily basis. Operating System patches are installed at least monthly. Application server patches are promptly installed, to allow our customers to benefit from improvements to the core software. 3.4 System Monitoring Network and server infrastructure is monitored for performance and outages. Technical staff are automatically notified if and when an outage or performance problem occurs. Customers are immediately notified of any incidents affecting their data. 3.5 Change Management All modifications to the production environment follow a documented change control procedure that describes the migration path from development to test to production. 4. SECURITY MANAGEMENT 4.1 Security Framework Regulations Our Policies and Procedures are based on ISO Standard 27002, which is a set of best practices to be adopted by organizations in order to implement proper information security. All members of Imaginatik staff have a responsibility to ensure the data they are exposed to is protected to the best of their abilities. The Information Security Policies that provide directions on how to achieve this are written in line with ISO This demonstrates to your security team that adequate safeguards and controls are in place to an international recognized standard for managing and processing data belonging to our customers. 4.2 Dedicated Information Security Officer Imaginatik employs a dedicated Information Security Officer who has over nine years experience of information security within a financially regulated environment. The Information Security Officer is responsible for advising the Company on all security matters, managing the overall strategic security program, performing security reviews, and ensuring non public client and company data is adequately protected. A key part of the Information Security Officer s role is the education of staff. This is achieved by performing security training which includes password management, secure management of client data, physical security of company equipment, management, internet usage and mobile computing.

8 4.3 User Authentication and Data Security Security has always been an integral part of Imaginatik s system design and quality assurance. The key security principles of Innovation Central include: Detailed role-based data security and authorization model. We have eight different roles available, allowing program administrators to configure access privileges to exactly the way they want them. User access management is fully delegated to the Innovation Central program administrators, ensuring that someone from your organization can configure security settings at any time. Password management (also configurable within Innovation Central) is based on bestpractice requirements and can be set to match your policies. User Administration. The administrator can manage user accounts directly. Users may also self-register. Self-registration can be limited to only individuals whose address domain matches a pre-selected list or it can be wide open. After a user self-registers; a validation is sent the user instructing them to click on a secured link which activates their account. If desired, we can establish a Single-Sign-On (SSO) access scheme that will allow you to use the login information in your own directory. Imaginatik has extensive experience in implementing SSO for Innovation Central with various systems. In most implementations, SAML 2.0 is used to provide SSO. 4.4 System Access Management Only Imaginatik employees who have a valid business reason (along with the clients approval when required) are granted access to client data. This is controlled by two-factor authentication using a One Time Password (OTP) and end-to end encryption. This gives the user access to a Secure Management Console (SMC) where client data can be accessed but cannot be downloaded onto the users computer or any other type of removal media device. 4.5 Legal Requirements Information in all its forms, particularly information about our clients, is one of the Company s most valuable assets. The security of that information and the adherence to the legal requirements around its storage and use is of paramount importance. In addition to regulatory requirements, Imaginatik has a strict information-protection policy to which every employee is required to adhere. Employees are also bound by a contract and Non Disclosure Agreement (NDA) and undergo full background checks during the new hire on-boarding process.

KeyLock Solutions Security and Privacy Protection Practices

KeyLock Solutions Security and Privacy Protection Practices KeyLock Solutions Overview KeyLock Solutions hosts its infrastructure at Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout

More information

Data Center Infrastructure & Managed Services Outline

Data Center Infrastructure & Managed Services Outline Data Center Infrastructure & Managed Services Outline The 360 Technology Center Solutions Data Center is located in Lombard, IL, USA. We are 20 minutes outside of downtown Chicago. The 360TCS staff consists

More information

Autodesk PLM 360 Security Whitepaper

Autodesk PLM 360 Security Whitepaper Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure

More information

Powering the Cloud Desktop: OS33 Data Centers

Powering the Cloud Desktop: OS33 Data Centers OS33 Data Centers info@os33.com (866) 796-0310 www.os33.com It is hard to overstate the importance of security and uptime, which is why we obsess over making sure that your corporate information assets

More information

Five keys to a more secure data environment

Five keys to a more secure data environment Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational

More information

SITECATALYST SECURITY

SITECATALYST SECURITY SITECATALYST SECURITY Ensuring the Security of Client Data June 6, 2008 Version 2.0 CHAPTER 1 1 Omniture Security The availability, integrity and confidentiality of client data is of paramount importance

More information

StratusLIVE for Fundraisers Cloud Operations

StratusLIVE for Fundraisers Cloud Operations 6465 College Park Square Virginia Beach, VA 23464 757-273-8219 (main) 757-962-6989 (fax) stratuslive.com Contents Security Services... 3 Rackspace Multi Layered Approach to Security... 3 Network... 3 Rackspace

More information

Secure, Scalable and Reliable Cloud Analytics from FusionOps

Secure, Scalable and Reliable Cloud Analytics from FusionOps White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...

More information

ProjectManager.com Security White Paper

ProjectManager.com Security White Paper ProjectManager.com Security White Paper Standards & Practices www.projectmanager.com Introduction ProjectManager.com (PM) developed its Security Framework to continue to provide a level of security for

More information

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active

More information

BOLDCHAT ARCHITECTURE & APPLICATION CONTROL

BOLDCHAT ARCHITECTURE & APPLICATION CONTROL ARCHITECTURE & APPLICATION CONTROL A technical overview of BoldChat s security. INTRODUCTION LogMeIn offers consistently reliable service to its BoldChat customers and is vigilant in efforts to provide

More information

CONTENTS. Security Policy

CONTENTS. Security Policy CONTENTS PHYSICAL SECURITY (UK) PHYSICAL SECURITY (CHICAGO) PHYSICAL SECURITY (PHOENIX) PHYSICAL SECURITY (SINGAPORE) SYSTEM SECURITY INFRASTRUCTURE Vendor software updates Security first policy CUSTOMER

More information

Birst Security and Reliability

Birst Security and Reliability Birst Security and Reliability Birst is Dedicated to Safeguarding Your Information 2 Birst is Dedicated to Safeguarding Your Information To protect the privacy of its customers and the safety of their

More information

SNAP WEBHOST SECURITY POLICY

SNAP WEBHOST SECURITY POLICY SNAP WEBHOST SECURITY POLICY Should you require any technical support for the Snap survey software or any assistance with software licenses, training and Snap research services please contact us at one

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,

More information

Security Whitepaper: ivvy Products

Security Whitepaper: ivvy Products Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

Data Center Application and Equipment Hosting Services Effective April 1, 2009 Revised March 7, 2011

Data Center Application and Equipment Hosting Services Effective April 1, 2009 Revised March 7, 2011 Information Technology Data Center Application and Equipment Hosting Services Effective April 1, 2009 Revised This document outlines the services NUIT provides from the central data centers to host applications

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Hosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com

Hosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on

More information

Security Document. Issued April 2014 Updated October 2014 Updated May 2015

Security Document. Issued April 2014 Updated October 2014 Updated May 2015 Security Document Issued April 2014 Updated October 2014 Updated May 2015 Table of Contents Issued April 2014... 1 Updated October 2014... 1 Updated May 2015... 1 State-of-the-art Security for Legal Data...

More information

Itron Cloud Services Offering

Itron Cloud Services Offering Itron Cloud Services Offering WHITE PAPER TABLE OF CONTENTS Introduction... 3 Types of Services... 3 Software as a Service (SaaS)...3 Managed Services...3 On-site Managed Services...3 Benefits... 3 Infrastructure...

More information

YubiCloud OTP Validation Service. Version 1.2

YubiCloud OTP Validation Service. Version 1.2 YubiCloud OTP Validation Service Version 1.2 5/12/2015 Introduction Disclaimer Yubico is the leading provider of simple, open online identity protection. The company s flagship product, the YubiKey, uniquely

More information

Security Controls for the Autodesk 360 Managed Services

Security Controls for the Autodesk 360 Managed Services Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices

More information

FormFire Application and IT Security. White Paper

FormFire Application and IT Security. White Paper FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development

More information

Security Practices, Architecture and Technologies

Security Practices, Architecture and Technologies Security Practices, Architecture and Technologies CONTACT: 36 S. Wall Street Columbus, OH 43215 1-800-VAB-0300 www.viewabill.com 1 CONTENTS End-to-End Security Processes and Technologies... 3 Secure Architecture...

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0

DISASTER RECOVERY. Omniture Disaster Plan. June 2, 2008 Version 2.0 DISASTER RECOVERY Omniture Disaster Plan June 2, 2008 Version 2.0 CHAPTER 1 1 Disaster Recovery Plan Overview In the event that one of our data collection environments are unavailable due to an event,

More information

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public] IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System

More information

colocation. perfected.

colocation. perfected. colocation. perfected. colocation perfected The expert team of COLO@ have the talent, tools, and facilities to power your operation all day, every day. Since 2008, COLO@ has been providing the critical

More information

White paper. SAS Solutions OnDemand Hosting Overview

White paper. SAS Solutions OnDemand Hosting Overview White paper SAS Solutions OnDemand Hosting Overview Contents Overview...1 Cary 1 Facility Specifications...2 Cary 2 Facility Specifications (SAS New Cloud Computing Center)...3 Charlotte 1 Facility Specifications...4

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server

More information

Famly ApS: Overview of Security Processes

Famly ApS: Overview of Security Processes Famly ApS: Overview of Security Processes October 2015 Please consult http://famly.co for the latest version of this paper Page 1 of 10 Table of Contents 1. INTRODUCTION TO SECURITY AT FAMLY... 3 2. PHYSICAL

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Understanding Sage CRM Cloud

Understanding Sage CRM Cloud Understanding Sage CRM Cloud Data centre and platform security whitepaper Document version 2016 Table of Contents 1.0 Introduction 3 2.0 Sage CRM Cloud Data centre Infrastructure 4 2.1 Site location 4

More information

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview

Woodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R

More information

Xerox Litigation Services. In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk

Xerox Litigation Services. In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk Xerox Litigation Services In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk Your Highest Priority is also Your Greatest Challenge Data breaches are not just

More information

SaaS Security for the Confirmit CustomerSat Software

SaaS Security for the Confirmit CustomerSat Software SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture

More information

7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS

7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS 7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS ExecutiveBrief P a g e 1 Executive Brief 7 Questions You Need to Ask Before Choosing a Colocation Facility for Your Business Choosing

More information

DATA CENTER COLOCATION

DATA CENTER COLOCATION DATA CENTER COLOCATION An easy decision, a difficult choice Differentiating one colocation provider from another can be a challenge. They all promise much the same service and it is tempting to select

More information

SAS 70 Type II Audits

SAS 70 Type II Audits Thinking from IntraLinks SAS 70 Type II Audits SAS 70 Type II Audits Ensuring Data Security, Reliability and Integrity If your organization shares sensitive data over the Internet, you need rigorous controls

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Information Technology General Controls Review (ITGC) Audit Program Prepared by: Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the

More information

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security Overview Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security Blackboard Collaborate web conferencing is available in a hosted environment and this document

More information

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description Dropbox for Business Secure file sharing, collaboration and cloud storage G-Cloud Service Description Table of contents Introduction to Dropbox for Business 3 Security 7 Infrastructure 7 Getting Started

More information

Perceptive Software Platform Services

Perceptive Software Platform Services Perceptive Software Platform Services CLOUD SOLUTIONS process and content management Perceptive Software Platform Services Perceptive Software process and content management systems have been deployed

More information

GiftWrap 4.0 Security FAQ

GiftWrap 4.0 Security FAQ GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels

More information

Keyfort Cloud Services (KCS)

Keyfort Cloud Services (KCS) Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency

More information

Enterprise level security, the Huddle way.

Enterprise level security, the Huddle way. Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network

More information

Security Information & Policies

Security Information & Policies Security Information & Policies 01 Table of Contents OVERVIEW CHAPTER 1 : CHAPTER 2: CHAPTER 3: CHAPTER 4: CHAPTER 5: CHAPTER 6: CHAPTER 7: CHAPTER 8: CHAPTER 9: CHAPTER 10: CHAPTER 11: CHAPTER 12: CHAPTER

More information

Whitepaper - Security e-messenger

Whitepaper - Security e-messenger Whitepaper 1 Security e-messenger Contents 1. Introduction Page 3 2. Data centre security and connection Page 3 a. Security Page 3 b. Power Page 3 c. Cooling Page 3 d. Fire suppression Page 3 3. Server

More information

Remote Disaster Recovery Services Suite (nvision Edition)

Remote Disaster Recovery Services Suite (nvision Edition) Remote Disaster Recovery Services Suite (nvision Edition) Services Suite includes Remote Backup Service Comprehensive suite of services designed to get you back up and running quickly and successfully

More information

Projectplace: A Secure Project Collaboration Solution

Projectplace: A Secure Project Collaboration Solution Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the

More information

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel,

More information

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA SITA Information Security SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA September, 2012 Contents 1. Introduction... 3 1.1 Overview...

More information

custom hosting for how you do business

custom hosting for how you do business custom hosting for how you do business 24775 League Island Boulevard Philadelphia PA 19112 gibraltarit.com 866.410.4427 Gibraltar s replicated cloud architecture and PCI/HIPAA compliant data centers provide

More information

MEDIAROOM. Products Hosting Infrastructure Documentation. Introduction. Hosting Facility Overview

MEDIAROOM. Products Hosting Infrastructure Documentation. Introduction. Hosting Facility Overview MEDIAROOM Products Hosting Infrastructure Documentation Introduction The purpose of this document is to provide an overview of the hosting infrastructure used for our line of hosted Web products and provide

More information

Datacentre Studley. Dedicated managed environment for mission critical services. Six Degrees Group www.6dg.co.uk

Datacentre Studley. Dedicated managed environment for mission critical services. Six Degrees Group www.6dg.co.uk Dedicated managed environment for mission critical services www.6dg.co.uk Our datacentres are the core of our business. At we own and manage 30,000 square feet of highly available, geographically diverse

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

Croner Hosting Services

Croner Hosting Services 2015 Croner Hosting Services Overview This document describes the Hosting Options, Process Controls and Security models used in Croner s software platforms. Hosting Options Croner have partnered with one

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 13 Business Continuity Objectives Define environmental controls Describe the components of redundancy planning List disaster recovery

More information

1 Introduction 2. 2 Document Disclaimer 2

1 Introduction 2. 2 Document Disclaimer 2 Important: We take great care to ensure that all parties understand and appreciate the respective responsibilities relating to an infrastructure-as-a-service or self-managed environment. This document

More information

CloudDesk - Security in the Cloud INFORMATION

CloudDesk - Security in the Cloud INFORMATION CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES

More information

Secure and control how your business shares files using Hightail

Secure and control how your business shares files using Hightail HIGHTAIL FOR ENTERPRISE: SECURITY OVERVIEW Secure and control how your business shares files using Hightail Information the lifeblood of any business is potentially placed at risk every time digital files

More information

Everything you need to know!

Everything you need to know! Everything you need to know! 1 Our Facilities Redback Conferencing is at the forefront of the industry in terms of security for your conferencing services. We use Equinix Sydney IBX Data Centres which

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Security & Infra-Structure Overview

Security & Infra-Structure Overview Security & Infra-Structure Overview Contents KantanMT Platform Security... 2 Customer Data Protection... 2 Application Security... 2 Physical and Environmental Security... 3 ecommerce Transactions... 4

More information

Company Overview & Product Information

Company Overview & Product Information Quick Facts: 1100 Clients Globally Operate 4 Data Centers 22 Points of Presence CDN About Network Redux Network Redux is an Enterprise Managed Solutions Provider. We develop, deploy and manage critical

More information

HEC Security & Compliance

HEC Security & Compliance HEC Security & Compliance SAP Security, Risk & Compliance Office November, 2014 Public Version 2.0 Details Introduction Overview Security Offering Approach Certifications Introduction Dear Customer, Information

More information

Things You Need to Know About Cloud Backup

Things You Need to Know About Cloud Backup Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing

More information

6Your Guide to a Superior

6Your Guide to a Superior Data Center Pillars 6Your Guide to a Superior Data Center Solution 6 Data Center Pillars I. Classification Level: Tier III Compliance Assures Performance II. Backed by SAP: SSAE 16 Type II Certification

More information

Fully Managed Secure Data Sharing (a cloud service)

Fully Managed Secure Data Sharing (a cloud service) Protect your critical infrastructure, information & interactions Fully Managed Secure Data Sharing (a cloud service) working on behalf of What is Fully Managed Secure Data Share - FMSDS? Core Technology

More information

Privacy + Security + Integrity

Privacy + Security + Integrity Privacy + Security + Integrity Docufree Corporation Data Security Checklist Security by Design Docufree is very proud of our security record and our staff works diligently to maintain the greatest levels

More information

Altus UC Security Overview

Altus UC Security Overview Altus UC Security Overview Description Document Version D2.3 TABLE OF CONTENTS Network and Services Security 1. OVERVIEW... 1 2. PHYSICAL SECURITY... 1 2.1 FACILITY... 1 ENVIRONMENTAL SAFEGUARDS... 1 ACCESS...

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data

More information

by New Media Solutions 37 Walnut Street Wellesley, MA 02481 p 781-235-0128 f 781-235-9408 www.avitage.com Avitage IT Infrastructure Security Document

by New Media Solutions 37 Walnut Street Wellesley, MA 02481 p 781-235-0128 f 781-235-9408 www.avitage.com Avitage IT Infrastructure Security Document Avitage IT Infrastructure Security Document The purpose of this document is to detail the IT infrastructure security policies that are in place for the software and services that are hosted by Avitage.

More information

IT - General Controls Questionnaire

IT - General Controls Questionnaire IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security

More information

CA Cloud Overview Benefits of the Hyper-V Cloud

CA Cloud Overview Benefits of the Hyper-V Cloud Benefits of the Hyper-V Cloud For more information, please contact: Email: sales@canadianwebhosting.com Ph: 888-821-7888 Canadian Web Hosting (www.canadianwebhosting.com) is an independent company, hereinafter

More information

Use of Exchange Mail and Diary Service Code of Practice

Use of Exchange Mail and Diary Service Code of Practice Use of Exchange Mail and Diary Service Code of Practice Introduction This code of practice outlines the support mechanisms in place for the security of the Exchange mail and diary service. References are

More information

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

HIPAA Privacy & Security White Paper

HIPAA Privacy & Security White Paper HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements

More information

ShareFile Security Overview

ShareFile Security Overview ShareFile Security Overview ShareFile Company Policy All ShareFile employees undergo full background checks and sign our information security policy prior to beginning employment with the company. The

More information

Document Details. 247Time Backup & Disaster Recovery Plan. Author: Document Tracking. Page 1 of 12

Document Details. 247Time Backup & Disaster Recovery Plan. Author: Document Tracking. Page 1 of 12 Document Details Title: Author: 247Time Backup & Disaster Recovery Plan Document Tracking Page 1 of 12 TABLE OF CONTENTS 1 INTRODUCTION... 3 1.1 OVERVIEW... 3 1.2 DEFINED REQUIREMENT... 3 2 DISASTER OVERVIEW...

More information

BOWMAN SYSTEMS SECURING CLIENT DATA

BOWMAN SYSTEMS SECURING CLIENT DATA BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered

More information

PRIVATE, TRUSTWORTHY AND SCALEABLE Providing Secure Remote Service and Support. white paper

PRIVATE, TRUSTWORTHY AND SCALEABLE Providing Secure Remote Service and Support. white paper PRIVATE, TRUSTWORTHY AND SCALEABLE Providing Secure Remote Service and Support white paper EXECUTIVE SUMMARY A Methodology for Providing a Secure Connected Products Service Security is a primary concern

More information

Migration and Disaster Recovery Underground in the NEC / Iron Mountain National Data Center with the RackWare Management Module

Migration and Disaster Recovery Underground in the NEC / Iron Mountain National Data Center with the RackWare Management Module Migration and Disaster Recovery Underground in the NEC / Iron Mountain National Data Center with the RackWare Management Module WHITE PAPER May 2015 Contents Advantages of NEC / Iron Mountain National

More information

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction

More information

SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013

SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013 SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013 TABLE OF CONTENTS SECTION I: INDEPENDENT PRACTITIONERS TRUST SERVICES

More information

Paxata Security Overview

Paxata Security Overview Paxata Security Overview Ensuring your most trusted data remains secure Nenshad Bardoliwalla Co-Founder and Vice President of Products nenshad@paxata.com Table of Contents: Introduction...3 Secure Data

More information