CloudDesk - Security in the Cloud INFORMATION
|
|
- Harold Davis
- 8 years ago
- Views:
Transcription
1 CloudDesk - Security in the Cloud INFORMATION
2 INFORMATION CloudDesk SECURITY IN THE CLOUD 3 GOVERNANCE AND INFORMATION SECURITY 3 DATA CENTRES 3 DATA RESILIENCE 3 DATA BACKUP 4 ELECTRONIC ACCESS TO SERVICES 4 ANTI-VIRUS AND PATCHING 4 INTRUSION DETECTION / PREVENTION AND LOGGING 4 STAFF CHANGE CONTROL AND ACCESS MONITORING 4 DATA OWNERSHIP 5 CLIENT DATA 5 ACTIVE DIRECTORY 5 DOCUMENT CONTROL 5 Hosted PC in the Cloud Fully Managed Service Windows 7 Look and Feel Highly Secure with 100% Data Encryption Self-install any Windows Application Choice of User Applications Persaonalise & Customise Flexible Scale Up & Down QMS DOC REF: QMS REC 87, ISSUE NUMBER: 1.1, ISSUE DATE: 15/09/2014, PUBLISH DATE: 12/01/2015. info@
3 security in the cloud This document summarises Calligo s security policies and explains how we protect your CloudDesk data and keep it safe. Cloud computing offers numerous advantages over the traditional delivery of IT using inhouse or hosted systems. This document describes the governance, physical, technical standards and systems that Calligo has implemented. Taken as a whole these deliver the highest levels of protection. governance and information security Calligo has a dedicated team of professionals with responsibility, across all areas of the organisation, for Security & Compliance. This includes product development, the delivery of services and the day-to-day management of the company. The Chief Security Officer, who is a member of the executive management team for Calligo, leads the Security & Compliance group. Calligo is an Accredited Quality Management System (QMS) company as specified in ISO 9001:2008. The scope of Calligo s QMS comprises Service Delivery, Project Management, HR and Supplier Management. Within the Security & Compliance group we have a dedicated Standards & Compliance Manager, who is professionally trained as a lead auditor, to maintain and improve its quality, both internally and to our clients. In addition, Calligo has implemented its own Information Security Management System (ISMS) across all areas of the business. This is based on and independently accredited to ISO :2013, which is considered the industry standard for information security management. Calligo ensures the constant integration of best practice and operational conformance to its published policies and procedures. We achieve this by an internal audit process that ensures that the activities undertaken by the team are fully inline with our internal processes, and where necessary supplement this with third party audits, an example of this would be the external audit undertaken of Calligo s ISO 27001:2013 implementation. The policies and procedures that Calligo has deployed are fully aligned to the standards that are published by the Cloud Security Alliance (CSA), known as the STAR standards. These extend the ISO standards and reflect best practice that is specific to cloud service providers. Calligo will soon be seeking CSA STAR certification. data centres Calligo uses specialist data centre providers who host our equipment at selected offshore locations. In Jersey & Guernsey we use Sure International, in Zurich we use Interoute and in Cayman we have partnered with MCS. All data centres have the highest level of physical and technical security. The infrastructure design includes: Independent electricity supply from the grid separate transformers and diverse cable routing Multiple standby power generators onsite with diesel stored on-site Uninterruptible power supply systems (battery backup) N+1 Multiple air conditioning units N+1 Fire suppression and VESDA (Very Early Smoke Detection Apparatus) Network communication circuits delivered over multiple carriers and routes All services monitored 24x7. The Jersey & Zurich facilities have ISO certification in place. The Guernsey facility has adopted ISO standards throughout, and will be looking to formally be audited in the coming months. Physical access to the data centres is highly restricted. Calligo has full control over who has access, when access occurs and we also ensure that the standards of the data centre facility are regularly reviewed to ensure compliance. In addition we have a controlled process in place to manage visitor access should it be required, we ensure that this access is limited and controlled typically with proximity card or biometrics. data resilience Calligo uses state of the art hardware including solid state storage platforms with all data being centrally stored on a Storage Area Network (SAN). Calligo s storage system is designed specifically for cloud services providers and provides levels of performance and security rarely seen in older, more traditional storage. Data is stored using 128-bit AES encryption. The distribution of keys is secure, as the key is never stored completely in one place. The key is split and encrypted prior to node distribution. No single node or drive has the key on it at any time. Whenever power is lost on a drive the data stored is inaccessible as it is encrypted. The disk system uses a clustered architecture, providing a highly available system that is designed to be fault tolerant with no single points of failure. A distributed replication mechanism protects data across multiple drives and nodes within a cluster. info@ 3
4 In addition the disk system contains specific features to support multi-tenancy cloud services, destructive data deletion and forensic data discovery. data backup A CloudDesk consists of a C: Drive and a D: Drive. The C: Drive is a system drive and Calligo strongly advises that this is not used to store data. This drive is not backed up if it becomes corrupted Calligo will recreate from a Gold build. The D: Drive, also called Persistent Data Disk, is a personal data drive. Documents saved to the My Documents folder (or a sub-folder of this) will be stored on the D: Drive. The My Documents folder, and sub-folders, are backed up as default for 7 days. My Documents includes Documents, Music, Pictures, Videos and Favourites. This backup is held in the same data centre as your CloudDesk. When you delete a file, such as a Word document or Excel spreadsheet, then a copy of that file will be held in the backup system for a further 7 days and can be restored by Calligo (as a chargeable service) during that period. After 7 days it will be permanently deleted. The above backup service meets the vast majority of operational requirements. If a document is accidentally deleted or overwritten then that is usually realised very quickly, within 7 days, and the document can be restored. But, a regulated business is likely to have more demanding data retention policies and Calligo recommends the use of its CloudCopy service. The CloudCopy service encrypts, compresses and replicates data across two data centres. This backup service provides a very high level of protection and meets, or exceeds, the most demanding security requirements. Clients can define their own data retention policies which for a financial services business might be to retain daily backups for 31 days, month end backups for 13 months and year end backups for 7 years. electronic access to services The CloudDesk service is accessed via the Internet or private communication circuits. The desktop connection sessions provides full encryption of the active session ensuring protection of all transmitted data, preventing interception for key strokes and screen data logging, and preventing Man in the Browser type attacks. Customers may also request VPN (virtual private network) access to their cloud services such as CloudDesk. This is a cost option, but can be provided with PPTP or VPN with a permanent point to point tunnel or dial-up VPN. anti-virus and patching The CloudDesk desktops are protected from viruses and malware using a combination of Microsoft and Trend Micro s protection services. Trend Micro is a leading provider of IT security systems and has invested extensively to deliver products specifically designed for cloud service providers, and is a trusted partner of Calligo. The Windows desktop and Microsoft applications, such as Office, are patched and updated by Calligo. Clients and their end users do not have to worry about undertaking these time consuming tasks. The Trend Micro solution is also available as an option for hosted servers. It is not automatically provided as clients may already have alternative, preferred, options. intrusion detection / prevention and logging Using a combination of security solutions from trusted partners we have built a multi layered deployment Security Platform. It delivers a comprehensive, vendor neutral, adaptive and highly efficient protection service across our environment that defends and protects at every level of the platform, covering areas such as anti-malware, intrusion detection and prevention, firewalls, web application protection, full end to end integrity monitoring and detailed log inspection. This is running in real time across the entire cloud platform. The solution is deployed both internally and externally ensuring full defense at multiple layers throughout the environment. In addition, Calligo employs a detailed policy to log all user access to any and all services (such as hosted desktop and ) storing these information security logs as part of a detailed managed data retention policy. staff change control and access monitoring Calligo engineers that provide support to CloudDesk clients have passed a data competency check. All staff members have references checked and have also signed an encompassing Confidentiality Agreement with Calligo, preventing the disclosure of any sensitive materials in our domain. Access to systems and data is only undertaken by experienced engineering staff that have been granted access by Director or C Level. Staff members are aware that their access to systems and physical access is monitored. Access to all systems and the data contained within is role based, ensuring that control of access is maintained and provided on a needs basis opposed to full access at all times. Any changes to data, systems or infrastructure must be requested through Calligo s formal change management process, with approval required by its change board, which includes executive management approval prior to any changes occurring this ensures that any change that is authorised to occur is fully considered and understood, which includes relevant rollback and reversal processes in the unlikely event that a change must be backed out. Calligo s Change Management policy is ITIL compliant, and is a key area of both its Quality and Information Security Management processes which have been independently reviewed and certified. Quarterly audits are made by the Security & Compliance group to ensure access to data is aligned to roles of staff members, and fully reported to back to the executive management team. user access control and storage separation Authentication and access control measures are fully adopted throughout the CloudDesk platform to prevent inappropriate access to data. Access control usage policies are established for each client to ensure that the correct access permissions are applied to its data, and these are applied using ACL (access control lists), and are periodically reviewed to ensure relevance Each customer s data is logically separated within our storage network and through ACL (access control lists) only approved designated users are granted access. Calligo uses Secure LDAP and Microsoft s Active Directory Services to allow for the administration and control of access to data, with unique access to client data built based on client need. In the case of dynamic services and hosted desktops the session data is also protected by virtualisation technologies (VMware), which allow for user resources at the hardware or software level (memory, processes and CPU units), which provides total security to users info@ 4
5 within these systems, as well as the data they are accessing. Unlike pure terminal services, or Citrix, Calligo clients have their own virtualised and isolated environment to work within not one that is shared by other users. This architecture allows for a great level of security to be applied, not just on data access, but also on the entire virtual session that is used. data ownership Calligo ensures security and privacy of your data and Calligo s terms and conditions of service provide specific guarantees in respect of the ability to off-board. We comply with the principles of the UK Data Protection Act 1998, the Data Protection (Jersey) Law 2005, the Data Protection (Bailiwick of Guernsey) Law 2001 and the Privacy and Electronic Communications (EC Directive) Regulations The eight principles relating to the processing of personal information are: Fairly and lawfully processed Processed for a limited time Adequate, relevant & not excessive Accurate Not kept longer than necessary Processed in accordance with your rights Secure Not transferred to countries without adequate protection Customer privacy and security is of upmost importance to us. We will always follow these principles and ask you how you would like us (or our partners) to communicate with you. CLIENT DATA You can be confident that your data is safe and will always be available to you, and only you. Our managed service protects you from the ever changing threat of viruses and the loss of data. We take responsibility for ensuring that proper security measures are in place to protect your data. Clients have access to their own data at any time, which they can copy, backup and store themselves if required. Client data is not stored in any proprietary format and in the case of service termination the data can be provided to the Client on DVD or other portable digital device subject to a standard services fee. After a Client has exited the service their data is purged from Calligo s systems. active directory The CloudDesk service incorporates Microsoft s Active Directory (AD) service. This allows for granular control of a wide range of services and features. For example, it is possible to lock down a desktop so that it is impossible for an end user to install additional applications. This can be controlled by organisation, department or individual user. Access to shared network folders can be similarly controlled by department or user with control over access rights such as read/ write, read only. By default user passwords are required to be complex (i.e. include a variety of upper, lower case, numbers and special characters), expire regularly and cannot reuse recent. Password policies can be adjusted to reflect a client s policies (may be chargeable), and will ensure that a client s unique security requirement can be built into the solution to be deployed. document control For details visit: Copyright 2015 Calligo Limited. Not to be reproduced without permission. info@
CloudCore. cloudcore infrastructure 4 100% SOLID STATE STORAGE 4 TRUE SCALE-OUT ARCHITECTURE 5 RAID-LESS DATA PROTECTION 5
OVERVIEW CloudCore Supports the Most Demanding Workloads ISO 27001:2013 Security with 100% Data Encryption VMware s vcloud Air Network Service Compatible Choice of Multiple Offshore Jurisdictions calligo
More informationInsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?
What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software
More informationWhite Paper How Noah Mobile uses Microsoft Azure Core Services
NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah
More informationSystem Security. Your data security is always our top priority
Your data security is always our top priority Data security is an important factor for every client, our continued investment in the latest technology methods and world class data centres show our commitment
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationSaaS architecture security
Introduction i2o solutions utilise the software as a service (or SaaS) model because it enables us to provide our customers with a robust, easy to use software platform that facilitates the rapid deployment
More informationTalentLink Disaster Recovery & Service Continuity
Technical Services Briefing Document TalentLink Disaster Recovery & Service Continuity Version 1.2 (January 2012) Contents Overview Planning for Service Continuity Disaster Recovery Process Business Continuity
More informationIT Security Procedure
IT Security Procedure 1. Purpose This Procedure outlines the process for appropriate security measures throughout the West Coast District Health Board (WCDHB) Information Systems. 2. Application This Procedure
More informationOur Cloud Offers You a Brighter Future
Our Cloud Offers You a Brighter Future Qube Global Software Cloud Services are used by many diverse organisations including financial institutions, international service providers, property companies,
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationWhite Paper. BD Assurity Linc Software Security. Overview
Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about
More informationSNAP WEBHOST SECURITY POLICY
SNAP WEBHOST SECURITY POLICY Should you require any technical support for the Snap survey software or any assistance with software licenses, training and Snap research services please contact us at one
More informationCreated By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee
Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server
More informationSaaS Security for the Confirmit CustomerSat Software
SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture
More informationitg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.
Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your
More informationMAXIMUM DATA SECURITY with ideals TM Virtual Data Room
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for
More informationStratusLIVE for Fundraisers Cloud Operations
6465 College Park Square Virginia Beach, VA 23464 757-273-8219 (main) 757-962-6989 (fax) stratuslive.com Contents Security Services... 3 Rackspace Multi Layered Approach to Security... 3 Network... 3 Rackspace
More informationEAaaS Cloud Security Best Practices
EAaaS Cloud Security Best Practices A Technical White Paper by Sennovate Inc Jan 2013 EAaaS Cloud Security Best Practices Page 1 Introduction: Cloud security is an ever evolving subject that is difficult
More information1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...
Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationSecure, Scalable and Reliable Cloud Analytics from FusionOps
White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...
More informationGuardian365. Managed IT Support Services Suite
Guardian365 Managed IT Support Services Suite What will you get from us? Award Winning Team Deloitte Best Managed Company in 2015. Ranked in the Top 3 globally for Best Managed Service Desk by the Service
More informationSecurity Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1
JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us
More informationApplication Development within University. Security Checklist
Application Development within University Security Checklist April 2011 The Application Development using data from the University Enterprise Systems or application Development for departmental use security
More informationHosted Exchange. Security Overview. Learn More: Call us at 877.634.2728. www.megapath.com
Security Overview Learn More: Call us at 877.634.2728. www.megapath.com Secure and Reliable Hosted Exchange Our Hosted Exchange service is delivered across an advanced network infrastructure, built on
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationIBM G-Cloud Microsoft Windows Active Directory as a Service
IBM G-Cloud Microsoft Windows Active Directory as a Service Service Definition IBM G-Cloud Windows AD as a Service 1 1. Summary 1.1 Service Description This offering is provided by IBM Global Business
More informationBirst Security and Reliability
Birst Security and Reliability Birst is Dedicated to Safeguarding Your Information 2 Birst is Dedicated to Safeguarding Your Information To protect the privacy of its customers and the safety of their
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationAPPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST
APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data
More informationCyber Essentials Questionnaire
Cyber Essentials Questionnaire Introduction The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable.
More information<cloud> Secure Hosting Services
Global Resources... Local Knowledge Figtree offers the functionality of Figtree Systems Software without the upfront infrastructure investment. It is the preferred deployment solution for organisations
More informationEnsuring security the last barrier to Cloud adoption
Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It
More informationSecure and control how your business shares files using Hightail
HIGHTAIL FOR ENTERPRISE: SECURITY OVERVIEW Secure and control how your business shares files using Hightail Information the lifeblood of any business is potentially placed at risk every time digital files
More informationLas Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM
Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationTELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE AUSTRALIA
TELSTRA CLOUD SERVICES CLOUD INFRASTRUCTURE PRICING GUIDE AUSTRALIA WELCOME TO TELSTRA CLOUD SERVICES Our cloud infrastructure solutions are made up of a combination of scalable cloud resources, including
More informationAppendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY
Appendix 1c DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY DISTRIBUTION LIST Audit Team Prakash Gohil, Audit Manager Steven Snaith, Risk
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationBOWMAN SYSTEMS SECURING CLIENT DATA
BOWMAN SYSTEMS SECURING CLIENT DATA 2012 Bowman Systems L.L.C. All Rights Reserved. This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered
More informationOpen Data Center Alliance Usage: Provider Assurance Rev. 1.1
sm Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 Legal Notice This Open Data Center Alliance SM Usage:Provider Assurance is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS
More information<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129
Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the
More informationBig Data Analytics Service Definition G-Cloud 7
Big Data Analytics Service Definition G-Cloud 7 Big Data Analytics Service Service Overview ThinkingSafe s Big Data Analytics Service allows information to be collected from multiple locations, consolidated
More informationInteract Intranet Version 7. Technical Requirements. August 2014. 2014 Interact
Interact Intranet Version 7 Technical Requirements August 2014 2014 Interact Definitions... 3 Licenses... 3 On-Premise... 3 Cloud... 3 Pulic Cloud... 3 Private Cloud... 3 Perpetual... 3 Self-Hosted...
More informationHow To Use Egnyte
INTRODUCING ON DEMAND FILE SERVER FROM BT WHOLESALE APPLICATION STORE WHAT IS ON DEMAND FILE SERVER? The three most common technology challenges facing every small business are data storage, information
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationSecurity Overview Enterprise-Class Secure Mobile File Sharing
Security Overview Enterprise-Class Secure Mobile File Sharing Accellion, Inc. 1 Overview 3 End to End Security 4 File Sharing Security Features 5 Storage 7 Encryption 8 Audit Trail 9 Accellion Public Cloud
More informationHosted Exchange Service
Hosted Exchange Service Contents Contents... 1 Overview Hosted Exchange... 3 Hosted Exchange Features... 3 Technical Features... 3 Hosted Exchange - MailBox... 4 Hosted Exchange - Key Points... 4 Cloud
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationAGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader
AGENDA ITEM: SUMMARY Report for: Committee Date of meeting: 30 May 2012 PART: 1 If Part II, reason: Title of report: Contact: Purpose of report: Recommendations Corporate objectives: Implications: INFORMATION
More informationInfrastructure & Software
Managed Services We can provide you with a fully managed service more than simply hosting or co-location but a full end-to-end and single point of contact service. Infrastructure & Software Datacentres
More informationData Access Request Service
Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations
More informationUCS Level 2 Report Issued to
UCS Level 2 Report Issued to MSPAlliance Unified Certification Standard (UCS) Report Copyright 2014 www.mspalliance.com/ucs info@mspalliance.com Welcome to the UCS report which stands for Unified Certification
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationKeyfort Cloud Services (KCS)
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
More informationUK Inflammatory Bowel Disease Audit Biologics Audit system and hosted server Security Details
UK Inflammatory Bowel Disease Audit Biologics Audit system and hosted server Details www.ibdbiologicsaudit.org Table of contents For further information contact: biologics.audit@rcplondon.ac.uk Overview...2
More informationLevel I - Public. Technical Portfolio. Revised: July 2015
Level I - Public Technical Portfolio Revised: July 2015 Table of Contents 1. INTRODUCTION 3 1.1 About Imaginatik 3 1.2 Taking Information Security Seriously 3 2. DATA CENTER SECURITY 3 2.1 Data Center
More informationWhite Paper. Software as a Service by Yardi. Secure, seamless hosting and support
White Paper Software as a Service by Yardi Secure, seamless hosting and support Yardi, the Yardi logo, and the names of Yardi products and services are either registered trademarks or trademarks of Yardi
More informationGiftWrap 4.0 Security FAQ
GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels
More informationINFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc.
INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc. Copyright 2016 Table of Contents INSTRUCTIONS TO VENDORS 3 VENDOR COMPLIANCE PROGRAM OVERVIEW 4 VENDOR COMPLIANCE
More informationHow To Secure An Rsa Authentication Agent
RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,
More informationWoodcock-Johnson and Woodcock-Muñoz Language Survey Revised Normative Update Technical and Data Security Overview
Houghton Mifflin Harcourt - Riverside (HMH - Riverside) is pleased to offer online scoring and reporting for Woodcock-Johnson IV (WJ IV) and Woodcock-Muñoz Language Survey Revised Normative Update (WMLS-R
More informationOnline Backup Service Definition
Online Backup Service Definition 2 Table of Contents Purpose of Document... 3 Online Backup Service... 3 Accreditations... 5 Target Service Levels for Online Backup... 5 Service Credits Rules and Claims...
More informationEnterprise level security, the Huddle way.
Enterprise level security, the Huddle way. Security whitepaper TABLE OF CONTENTS 5 Huddle s promise Hosting environment Network infrastructure Multiple levels of security Physical security System & network
More informationHMIS Privacy/Security Plan
Page 1 of 8 Memphis and Shelby County Homeless Management Information System Community Alliance for the Homeless, MIS Department Memphis TN 38103 (901) 527-1302 Phone, (901) 527-1308 Fax www.cafth.org
More informationDesktop as a Service Service Definition
Desktop as a Service Service Definition 2 Table of Contents Purpose of Document... 4 Desktops as a Service (DaaS) Service Description... 4 Technology... 5 Deliver Uncompromised End User Experience... 5
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationSHARPCLOUD SECURITY STATEMENT
SHARPCLOUD SECURITY STATEMENT Summary Provides details of the SharpCloud Security Architecture Authors: Russell Johnson and Andrew Sinclair v1.8 (December 2014) Contents Overview... 2 1. The SharpCloud
More informationNHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction
NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers
More informationECSA EuroCloud Star Audit Data Privacy Audit Guide
ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationHow To Audit Health And Care Professions Council Security Arrangements
Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan
More informationWhy SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
More informationCLOUD FRAMEWORK & SECURITY OVERVIEW
CLOUD FRAMEWORK & OVERVIEW From small businesses to the largest Fortune 500 Enterprises, customers trust the irise cloud infrastructure when collaborating to define and design their applications. This
More informationDMA Information Security Management Requirements January 2012. DMA Standard: produced for the protection of electronic information.
January 2012 DMA Standard: produced for the protection of electronic information. INTRODUCTION Information within an organisation can take many paths and can be used for many varied purposes. This data
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationEnsuring Enterprise Data Security with Secure Mobile File Sharing.
A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite
More informationBUILT FOR YOU. Contents. Cloudmore Exchange
BUILT FOR YOU Introduction is designed so it is as cost effective as possible for you to configure, provision and manage to a specification to suit your organisation. With a proven history of delivering
More informationTONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES. Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1
TONAQUINT DATA CENTER, INC. CLOUD SECURITY POLICY & PROCEDURES Tonaquint Data Center, Inc Cloud Security Policy & Procedures 1 Table of Contents 1. Operational Security 2. Physical Security 3. Network
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationService Description Email Filtering
Service Description Email Filtering Table of Contents Overview iomart Email Filtering... 3 iomart Email Filtering Features... 3 Technical Features... 3 Anti-Spam... 3 Cost Reduction... 4 Anti-Virus...
More informationComparative study of security parameters by Cloud Providers
Comparative study of security parameters by Cloud Providers Manish Kumar Aery 1 Faculty of Computer Applications, Global Infotech Institute of IT & Management (LPUDE) aery.manish1@gmail.com, Sumit Gupta
More informationTECHNOLOGY OVERVIEW INTRONIS CLOUD BACKUP & RECOVERY
INTRONIS CLOUD BACKUP & RECOVERY TECHNOLOGY OVERVIEW CONTENTS Introduction 3 Ease-of-Use 3 Simple Installation 3 Automatic Backup 3 Backup Status Dashboard 4 Off-Site Storage 4 Scalability 4 File Restoration
More informationUnderstanding Sage CRM Cloud
Understanding Sage CRM Cloud Data centre and platform security whitepaper Document version 2016 Table of Contents 1.0 Introduction 3 2.0 Sage CRM Cloud Data centre Infrastructure 4 2.1 Site location 4
More informationService Definition Document
Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)
More informationWICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise
WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents
More informationNetwork Security Policy
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationPerceptive Software Platform Services
Perceptive Software Platform Services CLOUD SOLUTIONS process and content management Perceptive Software Platform Services Perceptive Software process and content management systems have been deployed
More informationManaging for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud
Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to
More informationTable of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.
FME Cloud Security Table of Contents FME Cloud Architecture Overview Secure Operations I. Backup II. Data Governance and Privacy III. Destruction of Data IV. Incident Reporting V. Development VI. Customer
More informationSecurity Architecture Whitepaper
Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer
More information