GOVERNMENT HOSTING. Cloud Service Security Principles Memset Statement. www.memset.com



Similar documents
Thales Service Definition for IL3 Encrypted Overlay for Cloud Services

Protective Monitoring as a Service. Lot 4 - Specialist Cloud Services. Version: 2.1, Issue Date: 05/02/201405/02/2014. Classification: Open

GPG13 Protective Monitoring. Service Definition

Thales Service Definition for NOC Services for Cloud

PSN Protective Monitoring. Service Definition

How To Secure Cloud Compute At Eduserv

Big Data Analytics Service Definition G-Cloud 7

Connecting to the Cloud. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 01/12/2014. Classification: Open

Service description RFL Virtual Data Centre

A. Reference information. A0. G-Cloud Programme unique ID number for the service and version number of this scoping template

Committees Date: Subject: Public Report of: For Information Summary

Service Definition Document

G-Cloud Service Definition. Atos Infrastructure as a Service (IL3) for Cloud IaaS

Vodafone Total Managed Mobility

Dedicated Compute Cloud. Lot 1 - Infrastructure as a Service. Version: 1.0, Issue Date: 09/12/2014. Classification: Open

Thales Service Definition for PSN Secure Gateway Service for Cloud Services

Remote Access Service (RAS)

service description Document Management in the Cloud Software as a Service

Managed Backup. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 05/02/2014. Classification: Open

IBM G-Cloud Microsoft Windows Active Directory as a Service

Vodafone Private Cloud

How to gain accreditation for a G-Cloud Service

Application Management. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 05/02/2014. Classification: Open

WebFOCUS Cloud Express. The WebFOCUS Cloud Express service is delivered as a managed G-Cloud service by Amtex Solutions Ltd.

Cloud Infrastructure Security Management

G-Cloud 6 brightsolid Secure Cloud Servers. Service Definition Document

white paper CLOUD SERVICES AND THE GOVERNMENT SECURITY CLASSIFICATIONS POLICY

service description , SharePoint and File Archive in the Cloud Software as a Service

Cloud Security. Peter Jopling IBM UK Ltd Software Group Hursley Labs. peterjopling IBM Corporation

Virtual Desktop Infrastructure Platform as a Service

easy to adopt, easy to use, easy to leave service description API accessible Cloud Storage IaaS version 5.1

HMG Security Policy Framework

An overview of Electronic Medical Records as a Service

Growth Through Excellence

SERVICE DEFINITION G-CLOUD 7 SECURE FILE TRANSFER DIODE. Classification: Open

CSC GOVCLOUD MULTI-TENANT IAAS

G-CLOUD 7 - VIRTUAL ASSET MANAGER (VAM) SPECIALIST CLOUD SERVICES (SCS)

With Great Power comes Great Responsibility: Managing Privileged Users

SQL Server Database as a Service (DBaaS)

G-Cloud 7 Service Definition. Atos Oracle Cloud ERP Implementation Services

Cloud Enablement. Lot 4 - Specialist Cloud Services. Version: 2.0, Issue Date: 05/02/2014. Classification: Open

Managed Server. Lot 2 - Platform as a Service. Version: 3.0, Issue Date: 05/02/2014. Classification: Open

Sungard Availability Services (UK) Service Description. for. Managed Cloud Services for UK Government Infrastructure-as-a-Service

Table of Contents. FME Cloud Architecture Overview. Secure Operations. Application Security. Shared Responsibility.

L O C K H E E D M AR T I N API accessible Cloud Storage. Infrastructure as a Service. Commercial-in-Confidence

Secure Remote Backup (IL3) G-Cloud Lot3 IaaS

G-Cloud Service Definition. for. Xicon Cloud SCS - SQL Server Managed Services

G Cloud III Framework Lot 4 (SCS) Project Management

G-CLOUD IIII FRAMEWORK SERVICE DEFINITION: SCHOOLS HOSTED SERVICE FOR SIMS

Government Security Classifications FAQ Sheet 2: Managing Information Risk at OFFICIAL. v2.0 March 2014

Infrastructure as a Service (IaaS) Compute with Secure Storage and Secure Backup

Vodafone secure mail services

IBM Web Server as a Service

SERVICE DEFINITION RESTRICTED MANAGED HOSTING

and Collaboration as a Service. Lot 3 - Software as a Service. Version: 2.0, Issue Date: 05/02/2014. Classification: Open

Cloud Enablement. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 05/02/2014. Classification: Open

How To Get Atos Paas For Free

G-Cloud Service Definition. Canopy Remote Backup for Cloud SaaS

Audit Management. service definition document

1 ForestSafe SaaS Service details Service Description Functional Non Functional

Lot 1 Service Specification MANAGED SECURITY SERVICES

Ensuring security the last barrier to Cloud adoption

ediscovery G-Cloud V Service Definition Lot 4 SCS Contact us: Danielle Pratt Tel: G-Cloud@esynergy-solutions.co.

Assured Public Cloud Foundry. Lot 2 - Platform as a Service. Version: 1.0, Issue Date: 05/02/2014. Classification: Open

THE BLUENOSE SECURITY FRAMEWORK

Online Backup Service Definition

G-CLOUD FRAMEWORK RM1557-vi 5DRIVE PERSONAL CLOUD BACKUP

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cloud Storage. Lot 1 - Infrastructure as a Service. Version: 3.0, Issue Date: 03/12/2014. Classification: Open

How To Help Your Business Succeed

Agilisys G-Cloud Service V

Get Better Protected... Secure data sharing made possible with Updata s Encryption Overlay Service.

Service Description for Hadoop in the Cloud

Service Description Archive Storage in the Cloud

Solution Overview. Our Solution employs two tiers of storage aligning costs of storage with the changing value of data over time.

Service Definition Nine23 MDM

Securing the Service Desk in the Cloud

Open Source Sales Force Automation (SFA) in the Cloud SaaS

Transcription:

GOVERNMENT HOSTING Cloud Service Security Principles Memset Statement

Summary - March 2014 The Cabinet Office has produced a set of fourteen Cloud Service Security Principles to be considered when purchasers are evaluating the security features of cloud services (https://www.gov.uk/government/publications/cloud-servicesecurity-principles). Memset s GCloud services conform to all of the Cloud Service Security Principles. Our services all fall within the scope of our ISO27001 Certification, and additionally our IL2 and IL3 accredited services have CESG Pan Government Accreditation (PGA) to IL2 or IL3 as appropriate. ISO Certification is granted by an independent external assurer, and PGA accreditation is external and supported by IT Health Checks undertaken by independent CHECK consultants. Hence the security of our services has been rigorously assured by independent external bodies and consumers can be confident that we conform to the Principles. As we conform to the Cloud Service Security Principles, our services are suitable for use with OFFICIAL data. IL3 accredited services are suitable for all OFFICIAL data, IL2 accredited services are suitable for OFFICIAL data which is moderately sensitive and our IL0 services can be used for OFFICIAL data not requiring particular protection. Data owners will need to decide on the most suitable services based on the particular nature of their data. The following additional information on each of the Security Principles is intended to help consumers to decide which service is most suitable for their circumstances. Memset is happy to discuss the services or provide additional information as required to enable consumers to be sure they are selecting the most appropriate service for their needs. 2

Memset s GCloud services conform to all of the fourteen Cloud Service Security Principles as follows: 1. Data in transit protection IL3 services are only available via PSN which provides assured protection between our locations and the consumer s locations. Our systems provide the protection required to achieve their level of certification. Consumers can add endto-end encryption over our IL0 and IL2 services if they wish. Customers are responsible for the management of data in transit protection required for the accreditation of their solution. 2. Asset protection and resilience Appropriate physical security measures are in place with access control to office and data centre environments. For our IL3 services, we have protective measures in place which provide for aggregation of IL3 data. We are a UK company with our data centres and office being UK-based. Our data centres and service management facilities are subject to ISO 27001, IL2 and IL3 assurance as appropriate to the service, covering confidentiality, integrity and availability aspects. 3. Separation between consumers Appropriate separation and segregation has been designed into our systems from the outset and has been assured through the ISO27001 and PGA accreditation processes, including our IT Health Checks. Each consumer has dedicated server resources, and infrastructure and network resources have separation suitable for the type of service (ie public or private cloud). 4. Governance Our security governance framework is well established and conforms to ISO27001 and CESG requirements. We have a named Senior Information Risk Owner (SIRO) and Security Manager, and they and other appropriate roles have defined responsibilities for the security of our cloud services. 5. Operational security We have assured processes, procedures and tools in place covering all aspects of operational security including the management of change, configuration, vulnerabilities, incidents and protective monitoring. 6. Personnel security All Memset staff are checked to the Baseline Personnel Security Standard (BPSS) and staff who potentially have access to data in the IL3 domain also have Security Check (SC) clearance. A role-based approach is taken to ensure that staff are appropriately cleared and only have access to the systems and data they require for their role. 7. Secure development All aspects of the development of our services are protected and security is regularly reviewed, evolved and maintained to meet new threats. 3

8. Supply chain security Our supply chain is covered by the scope of our certifications and accreditation so is externally assured as being suitably protected to support our services. Our supply chain is simple, thus making it easier to ensure that it is suitable for our services. 9. Secure consumer management We provide consumers with the tools they need to securely manage their use of our services through management and support channels and make clear their responsibilities for the protection of their own data. 10. Secure on-boarding and off-boarding Our services are provisioned in a known good state and make clear the customers responsibility for further hardening to their specific requirements. We handle the deletion of data when they leave the service, and the destruction of physical media, in an approved and assured manner. 11. Service interface protection All interfaces and connections are protected by means appropriate to the level of the service, such as firewalls and access controls, and have been assured through our certification and accreditation processes. 12. Secure service administration Networks, connections, devices and processes used for service administration have been designed and implemented to be secure and have been externally assured. 13. Audit information provision to tenants Consumers can be provided with the information they require to monitor the access to the services they have obtained from us. Services are self-managed by the consumers who as such have freedom to implement the monitoring framework most suited to their needs. Responsibilities for the monitoring of access and use of the customer s services are clearly defined. 14. Secure use of the service by the consumer Our agreements set out the requirements on the consumer to ensure that they are using our services in an appropriate manner to deliver a secure overall solution incorporating our services. Consumers of our IL3 services must have signed up to a PSN Code of Connection. Further Information For further information on the way Memset meets the principles or a more general discussion on the security of our services, please contact a Memset sales person, your account manager or submit a support ticket. 4

Get in touch: sales@memset.com 0800 634 9270 (Freephone) +44 (0)1483 608010 (International) Registered company No. 4504980 VAT number: GB 794 1313 25

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information