AdminiTrack Security Statement

Issue and Defect Tracking for professional development teams

AdminiTrack Security Statement
www.adminitrack.com
Last updated on January 30, 2012
2000-2012, all rights reserved. Unauthorized use is prohibited.

AdminiTrack Issue and Defect Tracking for Professional Software Development Teams
Atlanta, GA USA

AdminiTrack is a web-based, hosted application for software development teams that permits developers, quality assurance testers, project managers, business sponsors and other staff to share vital project information quickly and easily from anywhere in the world. Local applications installed on your network are too limiting when your team members, users and customers may be in multiple locations and need information now, not later. The application is hosted by AdminiTrack.com in a state-of-the-art data center so all of the implementation, database design, internet access, maintenance and security have been taken care of for you. All you have to do is set up your users and projects and start sharing vital information about your project. AdminiTrack was designed to be fast and easy to use, yet provide all the features you would expect in a premier application. Find out what others already know, from small consulting companies to Fortune 500 companies around the world. AdminiTrack is the cost effective solution that no software development project should be without.

2000-2012, all rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the written permission of the publisher. Products that are referred to in this document may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks. While every precaution has been taken in the preparation of this document, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of information contained in this document or from the use of programs and source code that may accompany it. In no event shall the publisher and the author be liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly or indirectly by this document.

Table of Contents
1.1 Purpose
1.2 Company Background
1.3 Data Center Security
1.4 Corporate Security
1.5 Systems Security
1.5.1 Network, Anti-Intrusion and Virus Scanning
1.5.2 Delineation of Customer Data across Accounts
1.5.3 Customer Data Backups
1.6 Uptime and Availability
1.7 Customer Responsibility
1.7.1 Sample Passcode Policy
1.7.2 Controlling Application Sessions

1.1 Purpose

This document is intended to provide basic security information for current and prospective customers/subscribers of the AdminiTrack Issue and Defect Tracking application. Some details cannot be provided for security reasons. Contact AdminiTrack at support@adminitrack.com if you have specific questions or concerns not addressed in this document.

1.2 Company Background

AdminiTrack is a privately held company which was co-founded in 2000 by technology industry experts (Don Draper and Krishen Kota) who have a combined 35+ years of experience in information technology and enterprise computing within corporate and government agency environments. Development on AdminiTrack started in 1999. The company was incorporated in 2000 (Atlanta, Georgia, USA - Georgia Secretary of State control#: 0052529), and the AdminiTrack Issue Tracking system went live in mid-2001. AdminiTrack is a privately held and profitable corporation that has consistently grown its customer base since the system went live. The company's success has been based on providing a powerful, yet easy-to-learn web-based application backed by responsive customer support. AdminiTrack currently serves customers in over 20 different countries.

AdminiTrack takes security very seriously and employs industry standard processes and practices to ensure customers' data are safe. AdminiTrack hosts the issue and defect tracking system for Global 1000 companies around the world. Unlike its competitors, AdminiTrack does not advertise or disclose its customers' identities, in order to provide an additional layer of protection. We feel that while advertising our more prominent customers would bring us more business, it could also make us a target for adversarial persons or groups seeking to gain access to our customers' knowledge base. Select customer references can be provided upon request and are available only through the express written consent of those customers. While no system is completely safe from attack, AdminiTrack employs all industry standard techniques to safeguard our systems and your data.

1.3 Data Center Security

AdminiTrack operates in a state-of-the-art data center (www.qualitytech.com, formerly www.edeltacom.com) located in Atlanta, GA. This is a 376,000 sq. ft. unmarked facility employing around-the-clock security and technology personnel. Security features for this data center include but are not limited to:

- The building is unmarked with no signage.
- Hidden physical barriers provide physical protection to the building.
- Physical check-in by security personnel 24 hours per day is required to reach the data center floor.
- Electronic badge access is required to access the data center floor.
- Three biometrically protected check points utilizing both finger-print and retinal scan technology must be passed to reach the data center floor.
- Employs multiple, redundant Internet access feeds from multiple providers.
- Employs dual power feeds from Georgia Power with the ability to keep power to our systems up for weeks in the unlikely event of a massive power loss. This is done using underground flywheel power generation and advanced power-systems technology.
- Many other well-known companies have hosted systems at this same facility, including Google.com.

1.4 Corporate Security

Due to AdminiTrack's tightly focused, high-quality offering, all staff members are rigorously screened and background verified. In addition, each staff member signs a non-disclosure agreement (NDA) in regards to corporate and customer data. All AdminiTrack technical staff members are considered among the best and most talented in their respective areas of expertise.

AdminiTrack also follows and implements the security standards of the Payment Card Industry (PCI) Data Security Standards. While these standards are targeted toward online payment systems, the security recommendations are excellent, covering a broad spectrum of best practices. These standards are supported by many respected industry leaders including Symantec, Verisign, and Authorize.net. AdminiTrack is a Verisign Secured site and an Authorize.net Verified merchant.

1.5 Systems Security

AdminiTrack employs industry standard security software and hardware at various levels throughout our network.

1.5.1 Network, Anti-Intrusion and Virus Scanning

For network security, we run behind advanced firewalls along with hardware and software based anti-intrusion detection systems to monitor and pro-actively protect our systems that must communicate directly with the Internet. All of our systems stay updated on current security patches and security audits are routinely run to ensure no gaps have opened up.

Both anti-intrusion and virus scanning are deployed at our network edge (security appliances), in our email servers and again at each server. This approach provides us with multiple layers of protection and added intrusion detection capability.

AdminiTrack utilizes Virtual Private Networking (VPN) for all access to our systems by corporate personnel. This is an industry standard technique utilizing high levels of encryption and data security to protect against data packet sniffing and other public wire techniques to obtain data. All access using our VPN requires internal software, is passcode protected and fully logged by user identity.

Secure data access to the AdminiTrack application is provided but not enforced by default. Traffic between your clients and our servers may be encrypted by two options:

- If you prefix your requests with HTTPS, the connection between client and servers will use 128-bit secure sockets (SSL), an industry standard form of encryption security.
- Upon request, we can enable enforced SSL for your account. This option will force all access to your account to use SSL by prefixing the request with HTTPS. The system administrator for your account may contact support@adminitrack.com and request this option.

All customer data is stored in an enterprise SQL server database, including attachments which are uploaded as documents either to a project or to an issue. No data is accessible from the file system, which provides another level of protection.

Access to the AdminiTrack application is logged at multiple levels including web servers, database servers, anti-intrusion systems, email systems, and public facing firewalls including VPN access. Application user logins are logged including source login credentials, source IP, User Agent and more. Logs are periodically reviewed for any signs of inappropriate use and any suspicious users may be blocked at the firewalls and servers by IP address or by user account or both. AdminiTrack reserves the right to block any known entities that we feel may be inappropriately using the system.

Our systems are monitored around the clock from both onsite and offsite locations with manned and automated notifications to engineers should a problem occur. Physical access to our systems is limited to a small number of engineers who monitor and maintain them.

1.5.2 Delineation of Customer Data across Accounts

Customer account data is delineated from each other by an account number that is assigned to each customer account. This number is stored inside a cookie to populate the login form and assist users when logging into the system, but is never passed to the application except while logging into the application, where all credentials including the passcode are required. Once a user has successfully logged into the application with proper credentials (three items are required), the account number is maintained only in session state on the server. This technique makes it impossible for someone to pass a known account number in an attempt to gain access to another account. This is an industry standard technique employed by nearly all online systems including banking, commerce and more.

1.5.3 Customer Data Backups

Data is maintained on redundant servers utilizing RAID drives and backed up to hot backup servers in real-time.

Drive Redundancy with RAID

The RAID concept (Redundant Array of Inexpensive Disks) permits data to be written to multiple physical hard-disk platters at the same time. This redundancy provides protection in the event that a hard-disk failure occurs. The moment a hard-disk fails inside the array, another hard-disk drive known as a hot-spare immediately gets a copy of the data from the remaining good drive. Once the hot-spare has been created, the redundancy is restored and the engineers are alerted that the hot-spare drive needs to be replaced.

Server Redundancy with Hot-Backup Servers

AdminiTrack maintains a hot-backup server for each production server. The hot-backup server is a mirror image of the production server in most respects. Customer data is periodically shipped (copied) from the production server to the hot-backup server so that the hot-backup server is never more than a few minutes behind. In the event of a catastrophic failure of a production server, the hot-backup server can be brought online and used to replace the failed server. This is another way that AdminiTrack provides redundancy of customer data and provides for minimal downtime in the event of serious server failure.

Off-site Data Storage

All customer data is periodically backed up and moved off-site by AdminiTrack personnel at regular intervals. Several days' worth of backups for issue data is maintained onsite and this data is periodically removed offsite to prevent a total loss of data should the data center be compromised.

1.6 Uptime and Availability

AdminiTrack does not require contracts as accounts may be canceled at any time. AdminiTrack can offer a Service Level Agreement (SLA) for customers that require one and purchase 6 months or 1 year of service in advance. Contact support@adminitrack for further information regarding this subject.

AdminiTrack guarantees a level of uptime and availability to the subscribers. Uptime is defined as the ability of an active user in the Subscriber's account to log in to the AdminiTrack application and access account data. AdminiTrack guarantees an uptime of 99% over the period of any calendar month, excluding scheduled downtime for maintenance or upgrades. AdminiTrack has not been off-line for more than two hours (excluding scheduled maintenance) since going online in 2001.

While no system can guarantee complete protection, AdminiTrack takes security seriously and employs every possible solution to ensure data protection, redundancy and availability.

1.7 Customer Responsibility

The following are recommended security procedures for our customers to follow. Since the majority of data security breaches occur from within an organization, the customer shares the responsibility in keeping their data safe.

- Use the term passcode rather than password to remind users that words should never be used.
- Create a passcode policy if one is not already in place (see below).
- Use the Generate Passcode button when creating new users for your AdminiTrack account. This generates a random passcode of both letters and numbers, and the user may change this later if needed.
- Contact AdminiTrack immediately if you feel your account has been compromised in any way.

1.7.1 Sample Passcode Policy

The following items are example policy rules that could serve in a corporate policy statement concerning the creation and use of passcodes.

- Use of both upper-case and lower-case letters (case sensitivity).
- Use acronyms or the first letter of words in a phrase as part of your passcode.
- Inclusion of one or more numerical digits or non-alphanumeric characters.
- Inclusion of special characters in a passcode.
- Prohibit the inclusion of words found in a dictionary or crackers' list.
- Prohibit passcodes that are valid calendar dates or license plate numbers.
- Never share a computer account with another user.
- Never use the same passcode for more than one account.
- Never tell a passcode to anyone, including people who claim to be from customer service or security.
- Never write down a passcode; if you cannot remember it, do not use it.
- Be careful to log off before leaving a computer unattended.
- Change passcodes whenever there is suspicion they may have been compromised.

1.7.2 Controlling Application Sessions

AdminiTrack is the type of application where several minutes to hours may pass between accesses during a normal work day. Because session states on most servers will expire after a few minutes without activity, most web-based applications force the user to log in again and again throughout the day, which can become quite annoying and time-consuming. The AdminiTrack application has a special feature that allows users to maintain their session state as long as they are logged into the application and the browser has not been closed. This allows users to work in the application without being forced to repeatedly log into the application if a period of time has elapsed.

Regardless of whether this feature is enabled or not, logging out of the application or closing the browser will force a user to log in again to access the application. Because of this, AdminiTrack encourages users to always log out of the application any time they leave their desk. For added security, the browser should be closed as well.

Note: This feature may be disabled by un-checking the Disable Auto Logoff checkbox on the application login form.
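The sample passcode policy in 1.7.1, turned into a checker as an added example (not AdminiTrack's code): it enforces the mechanical rules (mixed case, a digit, a special character, no dictionary words, not a calendar date) and generates letters-and-digits passcodes like the Generate Passcode button described in 1.7. The word list, minimum length and date formats are constructed assumptions; the license-plate rule is not implemented because the page gives no format for it.

```python
import re
import secrets
import string
from datetime import datetime

# Constructed stand-in for a dictionary / crackers' list; a real policy would
# load a full word list.
WORDLIST = {"password", "welcome", "atlanta", "admin", "tracker", "summer"}
# Assumed date layouts to reject; extend as the policy requires.
DATE_FORMATS = ("%Y%m%d", "%m%d%Y", "%d%m%Y", "%m%d%y", "%m/%d/%Y", "%m-%d-%Y", "%m/%d/%y")


def is_calendar_date(text: str) -> bool:
    """True when the whole string parses as a real date in one of DATE_FORMATS."""
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(text, fmt)
            return True
        except ValueError:
            continue
    return False


def check_passcode(passcode: str, min_length: int = 8) -> list:
    """Return a list of policy violations; an empty list means the passcode is acceptable."""
    problems = []
    if len(passcode) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not (any(c.isupper() for c in passcode) and any(c.islower() for c in passcode)):
        problems.append("needs both upper-case and lower-case letters")
    if not any(c.isdigit() for c in passcode):
        problems.append("needs at least one digit")
    if not any(c in string.punctuation for c in passcode):
        problems.append("needs at least one special character")
    # Dictionary rule: any run of four or more letters that is a known word.
    for word in re.findall(r"[a-z]{4,}", passcode.lower()):
        if word in WORDLIST:
            problems.append(f"contains dictionary word {word!r}")
    # Calendar-date rule: only digits and separators, and it parses as a real date.
    if re.fullmatch(r"[\d/.\-]+", passcode) and is_calendar_date(passcode):
        problems.append("is a valid calendar date")
    return problems


def generate_passcode(length: int = 12) -> str:
    """Random letters and digits, as the Generate Passcode button does; the user
    may later change it to one that also satisfies the special-character rule."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.isupper() for c in candidate) and any(c.islower() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate
```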