SaaS Vendor Qualification
- Brice Lester Dixon
- 8 years ago
Samanage recognizes our customer's due diligence responsibility, in the selection of any cloud service, to protect the interests of their customers, shareholders and employees. This document is designed to answer the typical questions we receive from information security professionals concerning our information security processes and practices.

Company Name: Samanage USA Inc
Services Offered: IT Asset Management and integrated Service Desk
Service Classification: SaaS/Cloud

GENERAL

1. How long has Samanage been in business?
Answer: Since

2. In what jurisdiction / region is your company incorporated?
Answer: Samanage USA Inc. is a Delaware corporation with its headquarters in Cary, NC.

3. What is the annual revenue of your company (USD)?
Answer: Samanage is a private company and does not disclose its revenues.

4. Please describe, in general terms, the viability of your company and the Service over the next two years (i.e. growth, venture capital, innovation, etc.).
Answer: Samanage has tripled annual growth by over three consecutive years. In 2014, Samanage increased its customer base by 90 percent, with customers now in 51 countries. Read more on Samanage growth and momentum. Samanage is financed by leading Venture Capital firms: Carmel Ventures: Gemini: Marker LLC: Vintage Investment Partners:

5. How long has your company been providing the Service?
Answer: The Samanage IT Asset Management solution was introduced in The Service Desk was introduced in

6. What percentage of your company's annual revenue is generated from the Service?
Answer: 100% of the company's revenue comes from its SaaS offering.

7. Approximately how many customers utilize the Service?
Answer: More than

8. Are any customers available for discussing Service satisfaction with potential customer?
Answer: Yes. Introductions will be provided on request.

9. Are any Service customers in the healthcare, financial, or government industries?
Health Care industry customers include: Advanced BioScience Laboratories, Inc Lagniappe Health Companies xg Health Solutions CGNet - Sonitus Medical The Center for Wound Healing Restorix Health FirstCare Health Plans Virgin Care NextMed, Inc. Medidata Solutions N - Pharma, Ltd. Alaris Health Victor Chang Cardiac Research Institute Augusta Health
Financial industry customers include: Dun & Bradstreet Bluegarden A/S The Riverside Company PRA Group OSTC Limited KeyPoint Credit Union Yapstone Sberbank AG Lucania Gestion Keesler Federal Credit Union
Government customers include: WA Health Benefit Exchange VA Office of the Attorney General WI Economic & Development Commission Cochise County City of Raleigh DC Government Town of Cary Parsons - Dept of Labor

10. Are any Service customers in the US publicly traded?
Publicly traded companies that are customers of Samanage include: Vocus Dun and Bradstreet Fugro Oxford Immunotec Ticketmaster Punch Taverns Marin Software Fraser and Neave Medidata Rocket Fuel Select Comfort Envestnet

11. Does the Service provide support for SOX, HIPAA, and/or PCI compliant processes? Please provide supporting information.
Answer: Yes. Samanage takes compliance seriously. For more information on our processes and policies not contained in this document, please see Trust & Transparency ( samanage.com/trust) and additional FAQs (

12. Are there customers who are required to comply with HIPAA?
Answer: Health care providers, health plans, and health care clearing houses are required to comply with HIPAA requirements to protect the privacy and security of health information. In 2009, HIPAA rules extended to business associates of covered entities, including entities or persons that provide data transmission services to a covered entity and require routine access to protected health information (PHI); subcontractors that create, receive, maintain, or transmit PHI on behalf of a business associate; and vendors that offer personal health records to one or more individuals on behalf of a covered entity. Read the Samanage HIPAA policy (

13. Is Samanage willing to execute a NDA/confidentiality agreement with customer?
Answer: Yes. Please contact Samanage for more information.

14. Are any 3rd party services utilized by Samanage to provide the Service? If so, please describe.
Answer: Samanage servers are hosted with Amazon Web Services. For complete details on our data centers, please see Trust & Transparency ( on the Samanage website.

15. How many developers are allocated to the Service full time?
Answer: Twenty

16. How many support staff are allocated to the Service full time?
Answer: Nine

DATA CENTERS

1. Please provide the names and locations of all data centers used to provide the Service:
Answer: Samanage is hosted with Amazon Web Services on the east coast of the United States (Northern Virginia region).

2. Please indicate data center tier(s), and how frequently data centers are tested for compliance:
Answer: Please see

3. Do you measure the performance and effectiveness of your contracted data centers?
Answer: Yes. Samanage monitors the performance and effectiveness of data centers on a regular basis. Please see the Samanage system status page (

4. Please provide a brief description of a data center catastrophic failure scenario (i.e. what can be expected in regards to the Service and Customers' data in the event of a failure).
Answer: Samanage has implemented a Disaster Recovery program designed to allow us to operate the Samanage service without losing any customer data. Built using Amazon EC2 and S3 infrastructure services, our system and backups will reside in 4 separate availability zones in the Amazon East Coast (Virginia) data center. Separate availability zones means that each has its own power/security etc. An additional database replication will be located in a totally separate Amazon geographical region.

5. Are data center controls audited by an accredited 3rd party? If yes, please provide copies of SAS 70, SSAE 16, or other applicable reports.
Answer: Yes. For additional information please see

6. Provide a description of the access and physical security controls utilized at the data center(s).
Answer: The data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

7. Provide a description of environment controls utilized at the data center(s).
Answer: AWS provides fault tolerant web architectures and a world class network infrastructure that is carefully monitored and managed. For more information, please see Amazon Web Services: Overview of Security Processes ( whitepapers/security/aws%20security%20whitepaper.pdf).

8. Provide a description of the power architecture at the data center(s).
Answer: AWS provides fault tolerant web architectures and a world class network infrastructure that is carefully monitored and managed. For more information, please see Amazon Web Services: Overview of Security Processes ( whitepapers/security/aws%20security%20whitepaper.pdf).

9. Provide a description of the network architecture at the data center(s).
Answer: AWS provides fault tolerant web architectures and a world class network infrastructure that is carefully monitored and managed. For more information, please see

10. Provide a description of the fire detection and suppression systems employed by the data center(s).
Answer: Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet pipe, double interlocked pre-action, or gaseous sprinkler systems.

11. What protection mechanisms and techniques are utilized in the data centers providing the Service (firewalls, intrusion detection, monitoring, etc)? If multiple data centers (production and/or backup) exist, also include a description of data protection between centers.
Answer: AWS provides fault tolerant web architectures and a world-class network infrastructure that is carefully monitored and managed. For more information, please see Amazon Web Services: Overview of Security Processes ( Security/AWS%20Security%20Whitepaper.pdf).

12. Do data center staff undergo background checks?
Answer: Yes. Samanage and AWS have established formal policies and procedures to delineate the minimum standards for logical access to the Samanage and AWS platform and infrastructure hosts. Samanage and AWS conduct criminal background checks, as permitted by law, as part of pre-employment screening practices for employees and commensurate with the employee's position and level of access. These policies also identify functional responsibilities for the administration of logical access and security.

DATA SECURITY

1. Do you have a disaster and recovery plan that fully includes all aspects of the Service?
Answer: Yes, we have implemented a Disaster Recovery program designed to allow us to operate the Samanage service without losing any customer data. Built using Amazon EC2 and S3 infrastructure services, our system and backups will reside in 4 separate availability zones in the Amazon East Coast (Virginia) data center. Separate availability zones means that each has its own power/security etc. An additional database replication will be located in a totally separate Amazon geographical region.

2. Describe the Service tenancy model (hosted, single, multi, etc).
Answer: Multi-Tenant

3. Describe how Customers' data is isolated from the data of other customers.
Answer: The multi-tenant database is separated by unique keys. All customer data in our database is also scoped with an additional column in the database which contains a customer ID which is unique. This means that each data item in the database (e.g. incident, computer, mobile, change, etc.) is always scoped uniquely to a singular account. Each and every access to the application database must also contain this unique identifier.

4. Please provide a description of the data backup mechanisms used to backup and restore the Service and data, including frequency and retention periods.
Answer: As the first level of data protection, all customer data is continually backed up to local disk and every night to an offsite location. Your data is safe and your information can be quickly restored if needed. All necessary precautions are taken to ensure privacy, security and retrievability of your account information.

5. Describe restoration testing procedures and frequency.
Answer: Constant redundancy with daily offsite backups.
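
Answer 3 above describes tenant isolation by a customer ID column that every database access must carry. The sketch below is an added example, not Samanage's code: it shows one way an assessor could picture that control, with a data-access wrapper that binds the tenant ID into every statement and a schema check that lists tables lacking the scoping column. The table names, the `account_id` column name and the `TenantScope` class are assumptions made for illustration.

```python
import sqlite3

# Constructed schema for illustration; names are assumptions, not the vendor's.
SCHEMA = """
CREATE TABLE accounts    (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE incidents   (id INTEGER PRIMARY KEY,
                          account_id INTEGER NOT NULL REFERENCES accounts(id),
                          title TEXT NOT NULL);
CREATE TABLE computers   (id INTEGER PRIMARY KEY,
                          account_id INTEGER NOT NULL REFERENCES accounts(id),
                          hostname TEXT NOT NULL);
-- Deliberately missing the tenant column so the schema check has a finding.
CREATE TABLE attachments (id INTEGER PRIMARY KEY,
                          incident_id INTEGER NOT NULL,
                          filename TEXT NOT NULL);
"""

TENANT_COLUMN = "account_id"
GLOBAL_TABLES = {"accounts"}  # tables that legitimately hold no tenant data


def build_demo():
    """Create an in-memory database with two tenants (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [(1, "tenant-a"), (2, "tenant-b")])
    conn.executemany("INSERT INTO incidents VALUES (?, ?, ?)",
                     [(10, 1, "Printer offline"), (11, 2, "VPN outage")])
    conn.executemany("INSERT INTO computers VALUES (?, ?, ?)",
                     [(20, 1, "a-laptop"), (21, 2, "b-server")])
    return conn


def unscoped_tables(conn):
    """Return tenant-data tables that lack the tenant scoping column."""
    names = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]
    missing = []
    for table in names:
        if table in GLOBAL_TABLES:
            continue
        columns = {row[1] for row in conn.execute(f'PRAGMA table_info("{table}")')}
        if TENANT_COLUMN not in columns:
            missing.append(table)
    return missing


class TenantScope:
    """Data access bound to one tenant; no method accepts a caller-supplied tenant."""

    # Allow-list of tables and the columns exposed, so identifiers are never
    # taken from user input.
    ALLOWED = {"incidents": ("id", "title"), "computers": ("id", "hostname")}

    def __init__(self, conn, account_id):
        if isinstance(account_id, bool) or not isinstance(account_id, int):
            raise ValueError("account_id must be an integer")
        self._conn = conn
        self._account_id = account_id

    def _columns(self, table):
        if table not in self.ALLOWED:
            raise ValueError(f"table not allowed: {table!r}")
        return self.ALLOWED[table]

    def get(self, table, record_id):
        """Fetch one record; another tenant's ID yields None, not the row."""
        cols = ", ".join(self._columns(table))
        return self._conn.execute(
            f"SELECT {cols} FROM {table} WHERE id = ? AND {TENANT_COLUMN} = ?",
            (record_id, self._account_id)).fetchone()

    def list_all(self, table):
        cols = ", ".join(self._columns(table))
        return self._conn.execute(
            f"SELECT {cols} FROM {table} WHERE {TENANT_COLUMN} = ? ORDER BY id",
            (self._account_id,)).fetchall()

    def rename(self, table, record_id, new_value):
        """Update the label column; returns the number of rows changed."""
        label = self._columns(table)[1]
        cur = self._conn.execute(
            f"UPDATE {table} SET {label} = ? WHERE id = ? AND {TENANT_COLUMN} = ?",
            (new_value, record_id, self._account_id))
        return cur.rowcount


if __name__ == "__main__":
    db = build_demo()
    tenant_a = TenantScope(db, 1)
    print("own record:      ", tenant_a.get("incidents", 10))
    print("foreign record:  ", tenant_a.get("incidents", 11))
    print("unscoped tables: ", unscoped_tables(db))
```
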

6. Please provide copies of all policies regarding customer data.
Answer: Please see the Samanage Privacy Policy ( and the Samanage Master Service Agreement ( More information can be found on the Trust & Transparency ( page of the Samanage website.

7. Describe who has access to customer production and backed-up data, and the automatic and procedural controls in place to prevent unauthorized internal access (by staff, contractors, or other).
Answer: Individuals with customer facing positions and those who have access to customer data have received training on our Privacy Policy. This includes employees from Sales, Engineering, Customer Support and Finance. All new employees who fit into this category will receive the same training. Privacy Policy training is incorporated into Samanage new hire training and HR policies as well as the Samanage Employee Handbook. Awareness of and adherence to the Privacy Policy is also included in the employment contracts for all employees. Selected team members who have access to customer data in order to provide the services that customers have contracted for receive additional training.

8. Please describe how passwords are stored in the Service.
Answer: See Customer Data section of our Privacy Policy ( privacy.html) In transit we use an SSL certificate with key length of 2048 bits to encrypt the passwords. Passwords in the database are hashed with MD5 (128 bits) and we use a random Salt encrypted with SHA1 (160 bits) to create a hashed password.

9. Is customer data encrypted in production? In backup? If yes, who has access to the keys?
Answer: All data is encrypted in transfer and at rest and all access to the service is governed by strict password security policies. Only selected employees have access to the keys. These employees receive special training and are selected based on the roles required for Samanage to provide the service that our Customers have contracted for.
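
Answer 8 above describes stored passwords as salted MD5. MD5 is a fast hash, so a reviewer will usually ask how such records can be moved to a slow key-derivation function without forcing a reset. The following is an added example, not Samanage's code: it assumes the scheme is MD5 over salt plus password with a random salt passed through SHA-1, and shows a verifier that re-hashes a record with PBKDF2-HMAC-SHA256 on the next successful login. The record format, function names and iteration count are hypothetical.

```python
import hashlib
import hmac
import os

# Illustrative work factor for PBKDF2-HMAC-SHA256 (assumption, tune per host).
PBKDF2_ITERATIONS = 600_000


def legacy_hash(password: str, salt: str) -> str:
    """Assumed reading of the answer: MD5 over salt + password, hex encoded."""
    return hashlib.md5((salt + password).encode("utf-8")).hexdigest()


def new_legacy_record(password: str) -> str:
    """Build a record in the old scheme (used here only to create test data)."""
    # "random Salt ... SHA1 (160 bits)": random bytes passed through SHA-1.
    salt = hashlib.sha1(os.urandom(16)).hexdigest()
    return f"md5${salt}${legacy_hash(password, salt)}"


def new_pbkdf2_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Build a record in the replacement scheme with a fresh random salt."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify_and_upgrade(password: str, record: str):
    """Check a password against a stored record.

    Returns (ok, record_to_store). When a legacy record verifies, the second
    element is a new PBKDF2 record the caller should write back; otherwise it
    is the record unchanged.
    """
    scheme, _, rest = record.partition("$")

    if scheme == "md5":
        salt, _, digest = rest.partition("$")
        ok = hmac.compare_digest(legacy_hash(password, salt), digest)
        # Only a successful login proves we hold the plaintext to re-hash.
        return ok, (new_pbkdf2_record(password) if ok else record)

    if scheme == "pbkdf2_sha256":
        iterations, salt_hex, digest = rest.split("$")
        derived = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(derived.hex(), digest), record

    raise ValueError(f"unknown password scheme: {scheme!r}")


if __name__ == "__main__":
    stored = new_legacy_record("correct horse")       # constructed sample
    ok, stored = verify_and_upgrade("correct horse", stored)
    print("login ok:", ok)
    print("scheme after login:", stored.split("$", 1)[0])
```
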

10. How are security breaches communicated to customers (method and timeliness)? Are all breaches, including internal breaches shared?
Answer: Yes, breaches are communicated in multiple ways. All breaches will immediately be assigned the highest severity and will be escalated to all levels of management. Customers will be notified immediately and the Samanage Status page will be periodically updated to provide close to real-time information.

11. How many security breaches have been reported in the past 3 years?
Answer: None

12. How quickly are Service security flaws patched?
Answer: Immediately. We are working every day to make our service more secure and up to date with the latest security technology. Penetration testing is run as an integral part of our Engineering process and any flaws that might be detected will immediately be treated as high priority and resolved according to internal SLAs.

13. Is access to the Service provided via secure means (encryption, etc)? Please describe.
Answer: Samanage protects customer data by ensuring that only authorized users can access it using their username and password. Account Administrators can assign security rules that define which users in their company or partners have access to the data based on user's roles. All communication between the user's browser and Samanage is encrypted via SSL.

14. In what instances/scenarios would Service data travel unencrypted/unprotected over the public Internet or any network?
Answer: Samanage application data will never travel unencrypted/unprotected over the public Internet or any other network. All data is encrypted in transfer.

DATA OWNERSHIP AND AVAILABILITY

1. Please describe the mechanisms through which Customers can request and receive full copies of its data (including audit trails) in a standard, human readable electronic format (i.e. CSV). Also include allowed request frequency.
Answer: Customers can receive a weekly scheduled backup of all their data in CSV format. Customer data can also be manually exported to CSV at any time. For more information see our Master Service Agreement (

2. How long are (undeleted) customer records stored in the service retained and accessible?
Answer: Please see our Master Service Agreement ( for more information.

3. Are records deleted by the customer available for retrieval? Describe the process and retention period.
Answer: No. Customer records that are deleted cannot be retrieved, except for extenuating circumstances under which a request can be made by the Customer and Samanage will research the possibility of retrieving individual records.

4. Please provide a description of your policy regarding data ownership and availability should the Service be discontinued or sold.
Answer: Please see our Master Service Agreement ( for more information.

5. Please provide a description of your policy regarding data ownership and availability should Customer fail to meet its payment obligations.
Answer: Please see our Master Service Agreement ( for more information.

6. Will any Customers' data/information be shared with any 3rd party for any reason? If yes, please describe.
Answer: No. This is addressed under the Customer Data section of the Samanage Privacy Policy (

SERVICE LEVEL

1. Please provide Service availability statistics for the past 12 months.
Answer: Please see the Samanage system status ( page.

SUPPORT

1. Please describe the level of technical support included with the service, including business hours and expected response & resolution times.
Answer: Please see the Customer Support Policy (

2. Describe any additional support levels available for subscription.
Answer: Yes. Please contact your Account Manager for further details. Customer support satisfaction is published on the Samanage Customer Support page ( com/home)

3. Please describe, in general, the qualifications of your support staff at all tiers.
Answer: All support staff are qualified according to the standards set by the management team to ensure that Samanage maintains its excellence as a SaaS vendor.

4. Will an account representative be dedicated to my account?
Answer: Depending on the level of service subscribed to, a Customer Success Representative may be assigned. However, all customers have free and unlimited access to Onboarding/Activation Webinars that are conducted at least twice every week.

SERVICE CHANGES

1. Please describe the mechanism(s) through which service enhancements or bug fixes are introduced into production.
Answer: We publish all new features and service enhancements in our customer community:

2. How will customers be notified about changes to the production Service?
Answer: Customers can subscribe to the Samanage system status page ( samanage.com) to get notified of known issues, and participate in the customer community ( for notifications on new service capabilities.

3. Describe the process should a production modification have a negative impact on customers' data or configuration.
Answer: Please contact Samanage support ASAP and the issue will be escalated. support@samanage.com or call

INTEGRATION

1. Does your service provide an API accessible by customers? If yes, please provide a description of the API architecture (SOAP, REST, etc).
Answer: Yes, we support RESTful access to the entire service. The API is documented at Examples and use cases for using the API can be found at the customer community ( We recommend using curl for developing and testing out the various features that the API offers. Another online option to curl is hurl.

2. Please provide a description of the API security model if it differs from the standard interface.
Answer: The API supports user/password as well as HTTP digest authentication. Please see above for API documentation.

3. Please provide any limitations imposed on the API (number of transactions, CRUD restrictions, inaccessible objects, etc).
Answer: Customer may not use the API in a manner, as reasonably determined by Samanage, that exceeds reasonable request volume or constitutes excessive or abusive usage. If any of these occur, Samanage can suspend or terminate the Customer's access to the API on a temporary or permanent basis. See the Master Service Agreement for more information (

CUSTOMER RESPONSIBILITIES

1. If applicable, please provide configuration or usage instructions that the customer must follow to ensure data security and Service performance.
Answer: Please see our Master Service Agreement ( for complete information on customer responsibilities.
More informationSecurity Document. Issued April 2014 Updated October 2014 Updated May 2015
Security Document Issued April 2014 Updated October 2014 Updated May 2015 Table of Contents Issued April 2014... 1 Updated October 2014... 1 Updated May 2015... 1 State-of-the-art Security for Legal Data...
More informationAPPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST
APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data
More informationpenelope athena software SOFTWARE AS A SERVICE INFORMATION PACKAGE case management software
penelope case management software SOFTWARE AS A SERVICE INFORMATION PACKAGE athena software "I've worked with major corporations and universities and I am really impressed with Athena's hosted server and
More informationSaaS Security for the Confirmit CustomerSat Software
SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture
More informationHow To Use Egnyte
INTRODUCING ON DEMAND FILE SERVER FROM BT WHOLESALE APPLICATION STORE WHAT IS ON DEMAND FILE SERVER? The three most common technology challenges facing every small business are data storage, information
More informationHealthcare Management Service Organization Accreditation Program (MSOAP)
ELECTRONIC HEALTHCARE NETWORK ACCREDITATION COMMISSION (EHNAC) Healthcare Management Service Organization Accreditation Program (MSOAP) For The HEALTHCARE INDUSTRY Version 1.0 Released: January 2011 Lee
More informationTableau Online Security in the Cloud
Tableau Online Security in the Cloud Author: Ellie Fields Senior Director, Product Marketing, Tableau Software June 2013 p2 Tableau Software understands that data is among the most strategic and important
More informationMay 2010. Cloud Vendor Charter. Vendor Version Not for distribution to customers
May 2010 Cloud Vendor Charter Vendor Version Not for distribution to customers Disclaimer This specification is published without responsibility on the part of BASDA Ltd or the various contributors, sponsors
More informationtwilio cloud communications SECURITY ARCHITECTURE
twilio cloud communications SECURITY ARCHITECTURE July 2014 twilio.com Security is a lingering concern for many businesses that want to take advantage of the flexibility and ease of cloud services. Businesses
More informationSecure Data Hosting. Your data is our top priority.
Secure Data Hosting Your data is our top priority. ESO s world-class security infrastructure is designed to provide data redundancy, security and availability while keeping sensitive HIPAA and PHI information
More informationWith Eversync s cloud data tiering, the customer can tier data protection as follows:
APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software
More informationSITECATALYST SECURITY
SITECATALYST SECURITY Ensuring the Security of Client Data June 6, 2008 Version 2.0 CHAPTER 1 1 Omniture Security The availability, integrity and confidentiality of client data is of paramount importance
More informationSmall Business IT Risk Assessment
Small Business IT Risk Assessment Company name: Completed by: Date: Where Do I Begin? A risk assessment is an important step in protecting your customers, employees, and your business, and well as complying
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationThis document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.
SERVICEPOINT SECURING CLIENT DATA This document and the information contained herein are the property of and should be considered business sensitive. Copyright 2006 333 Texas Street Suite 300 Shreveport,
More informationSystem Security Plan University of Texas Health Science Center School of Public Health
System Security Plan University of Texas Health Science Center School of Public Health Note: This is simply a template for a NIH System Security Plan. You will need to complete, or add content, to many
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationDruva Phoenix: Enterprise-Class. Data Security & Privacy in the Cloud
Druva Phoenix: Enterprise-Class Data Security & Privacy in the Cloud Advanced, multi-layer security to provide the highest level of protection for today's enterprise. Table of Contents Overview...3 Cloud
More informationBOWMAN SYSTEMS SECURING CLIENT DATA
BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered
More informationSalesforce & HIPAA Compliance
An ecfirst Case Study: Salesforce & HIPAA Compliance Salesforce Provides the Tool, You Are Responsible for Compliance 2014 All Rights Reserved ecfirst TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 WHAT IS SALESFORCE?...
More informationRAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER
RaySafe S1 SECURITY WHITEPAPER Contents 1. INTRODUCTION 2 ARCHITECTURE OVERVIEW 2.1 Structure 3 SECURITY ASPECTS 3.1 Security Aspects for RaySafe S1 Data Collector 3.2 Security Aspects for RaySafe S1 cloud-based
More informationHosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com
Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationBMC s Security Strategy for ITSM in the SaaS Environment
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
More informationFrequently Asked Questions about Cloud and Online Backup
Frequently Asked Questions about Cloud and Online Backup With more companies realizing the importance of protecting their mission-critical data, we know that businesses are also evaluating the resiliency
More informationUnderstanding Sage CRM Cloud
Understanding Sage CRM Cloud Data centre and platform security whitepaper Document version 2016 Table of Contents 1.0 Introduction 3 2.0 Sage CRM Cloud Data centre Infrastructure 4 2.1 Site location 4
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationAWS Security. Security is Job Zero! CJ Moses Deputy Chief Information Security Officer. AWS Gov Cloud Summit II
AWS Security CJ Moses Deputy Chief Information Security Officer Security is Job Zero! Overview Security Resources Certifications Physical Security Network security Geo-diversity and Fault Tolerance GovCloud
More informationSecurity Considerations
Concord Fax Security Considerations For over 15 years, Concord s enterprise fax solutions have helped many banks, healthcare professionals, pharmaceutical companies, and legal professionals securely deliver
More informationDooblo SurveyToGo: Security Overview
Dooblo SurveyToGo: Security Overview May, 2012 Written by: Dooblo Page 1 of 10 1 Table of Contents 1 INTRODUCTION... 3 1.1 OVERVIEW... 3 1.2 PURPOSE... 3 2 PHYSICAL DATA CENTER SECURITY... 4 2.1 OVERVIEW...
More informationLevel I - Public. Technical Portfolio. Revised: July 2015
Level I - Public Technical Portfolio Revised: July 2015 Table of Contents 1. INTRODUCTION 3 1.1 About Imaginatik 3 1.2 Taking Information Security Seriously 3 2. DATA CENTER SECURITY 3 2.1 Data Center
More informationInformation Technology General Controls Review (ITGC) Audit Program Prepared by:
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationDisclosure Requirements of CloudCode Software
DISCLOSURE STATEMENT PREPARED BY - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More informationManaged Hosting & Datacentre PCI DSS v2.0 Obligations
Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version
More informationGoodData Corporation Security White Paper
GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share
More informationCloudDesk - Security in the Cloud INFORMATION
CloudDesk - Security in the Cloud INFORMATION INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES
More informationShareFile Security Overview
ShareFile Security Overview ShareFile Company Policy All ShareFile employees undergo full background checks and sign our information security policy prior to beginning employment with the company. The
More informationWISHIN Pulse Statement on Privacy, Security and HIPAA Compliance
WISHIN Pulse Statement on Privacy, Security and HIPAA Compliance SEC-STM-072014 07/2014 Contents Patient Choice... 2 Security Protections... 2 Participation Agreement... 2 Controls... 3 Break the Glass...
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationClever Security Overview
Clever Security Overview Clever Security White Paper Contents 3 Introduction Software Security 3 Transport Layer Security 3 Authenticated API Calls 3 Secure OAuth 2.0 Bearer Tokens 4 Third Party Penetration
More informationICE SDR SERVICE DISCLOSURE DOCUMENT
ICE SDR SERVICE DISCLOSURE DOCUMENT ICE Trade Vault, LLC ( ICE Trade Vault ) offers a swap data repository service for the collection, storage and regulatory reporting of a comprehensive range of trade
More informationAccellion Security FAQ
A N A C C E L L I O N W H I T E P A P E R Accellion Security FAQ Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite 200 www.accellion.com Palo Alto, CA 94303 info@accellion.com
More information