White Paper. BD Assurity Linc Software Security. Overview



Similar documents
Security Guide for the BD Remote Instrument Support Solution BD Biosciences workstations

Information security guidelines

FileCloud Security FAQ

Preparing BD Systems for Data Migration. Summary of the Upgrade Process on page 6. Copying User Data Files onto an Upgraded System on page 7

LAB FORWARD. WITH PROService REMOTE SERVICE APPLICATION. Frequently Asked Questions

BlackShield ID Agent for Remote Web Workplace

Copyright Telerad Tech RADSpa. HIPAA Compliance

Security Whitepaper. NetTec NSI Philosophy. Best Practices

Security Considerations

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

2X SecureRemoteDesktop. Version 1.1

Novell Access Manager SSL Virtual Private Network

Windows OS Security/Critical Patch List for BD Workstations

Securing the Service Desk in the Cloud

CHIS, Inc. Privacy General Guidelines

Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services

Security Overview Enterprise-Class Secure Mobile File Sharing

A Decision Maker s Guide to Securing an IT Infrastructure

Research Information Security Guideline

How To Set Up Safetica Insight 9 (Safetica) For A Safetrica Management Service (Sms) For An Ipad Or Ipad (Smb) (Sbc) (For A Safetaica) (

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

CONTENTS. PCI DSS Compliance Guide

Mobile Admin Security

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Estate Agents Authority

HP IMC Firewall Manager

PRIVACY, SECURITY AND THE VOLLY SERVICE

BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Electronic Prescribing of Controlled Substances Technical Framework Panel. Mark Gingrich, RxHub LLC July 11, 2006

Implementation Guide

Windows OS Security/Critical Patch List for BD Workstations

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

How to Secure a Groove Manager Web Site

Unit 6 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.

Projectplace: A Secure Project Collaboration Solution

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Famly ApS: Overview of Security Processes

Quick Setup Guide. 2 System requirements and licensing Kerio Technologies s.r.o. All rights reserved.

PANO MANAGER CONNECTOR FOR SCVMM& HYPER-V

Sync Security and Privacy Brief

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

Network Configuration Settings

Xerox Digital Alternatives Security and Evaluation Guide. May 2015 Version 1.1

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

redcoal SMS for MS Outlook and Lotus Notes

Xcalibur Global Version 1.2 Installation Guide Document Version 3.0

Network Access Control ProCurve and Microsoft NAP Integration

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

Rule 4-004G Payment Card Industry (PCI) Remote and Mobile Access Security (proposed)

WhatsUpGold. v14.2. Getting Started with WhatsUp Gold MSP Edition

Supplier Information Security Addendum for GE Restricted Data

QLIKVIEW MOBILE SECURITY

The Essential Security Checklist. for Enterprise Endpoint Backup

Payment Card Industry Self-Assessment Questionnaire

How To Secure An Rsa Authentication Agent

Security Controls for the Autodesk 360 Managed Services

Did you know your security solution can help with PCI compliance too?

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Xerox SMart esolutions. Security White Paper

Credit Card Security

Quick Start Guide for VMware and Windows 7

Guideline on Auditing and Log Management

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s

Global Partner Management Notice

Connectivity to Polycom RealPresence Platform Source Data

Sygate Secure Enterprise and Alcatel

Achieving PCI-Compliance through Cyberoam

SecureAge SecureDs Data Breach Prevention Solution

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version and higher

Strong Authentication for Microsoft SharePoint

CBIO Security White Paper

LifeCyclePlus Version 1

How Reflection Software Facilitates PCI DSS Compliance

HP A-IMC Firewall Manager


WebEx Security Overview Security Documentation

H.I.P.A.A. Compliance Made Easy Products and Services

MaaS360 Mobile Enterprise Gateway

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

HIPAA Compliance and Wireless Networks

BMC s Security Strategy for ITSM in the SaaS Environment

Section 12 MUST BE COMPLETED BY: 4/22

How To Achieve Pca Compliance With Redhat Enterprise Linux

System Management. What are my options for deploying System Management on remote computers?

WHITE PAPER. Support for the HIPAA Security Rule RadWhere 3.0

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Kaseya IT Automation Framework

Xerox DocuShare Security Features. Security White Paper

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:

Projetex 9 Workstation Setup Quick Start Guide 2012 Advanced International Translations

Simone Brunozzi, AWS Technology Evangelist, APAC. Fortress in the Cloud

MIGRATIONWIZ SECURITY OVERVIEW

Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 Part Number: E April 2016

Transcription:

Contents 1 Overview 2 System Architecture 3 Network Settings 4 Security Configurations 5 Data Privacy and Security Measures 6 Security Recommendations Overview This white paper provides information about the security features of BD Assurity Linc remote systems management software, which is installed on a BD workstation and connected to a BD instrument. The BD Assurity Linc connection enables BD to monitor your instruments and, as a result, provide you with fast and efficient service and support. BD Assurity Linc software is powered by Axeda Corporation, a leader in remote service connections for highly secure environments such as government, banking, healthcare, data centers, and manufacturing.

System Architecture BD Technical Support Groups BD Assurity Linc Application Server BD Assurity Linc Cloud BD FACSVerse BD FACSCanto BD Workstation BD Assurity Linc Software BD Workstation BD Assurity Linc Software Figure 1. BD Assurity Linc communication structure Each component of the BD Assurity Linc system is designed to provide security while keeping implementation as simple as possible. BD Assurity Linc Software BD Assurity Linc software runs as a service on a BD workstation and collects data from an instrument. The software monitors the health of the instrument and sends small amounts of status information to BD Customer Support. When you contact BD to report a problem or ask a question, BD support staff can view this data and, with your permission, open a secure, firewall-friendly connection to your system. BD uses this connection to diagnose the problem or assist you with system operation. Secures the BD workstation from attack. All communications between the BD workstation and BD Assurity Linc Cloud server are encrypted using 128-bit Secure Socket Layer (SSL) and Advanced Encryption Standard (AES) for secure transmission of data. SSL provides a protocol for transmitting private data using the internet and encryption, and provides authentication to ensure that both the sender and receiver of data are known to each other. This protects data from unauthorized access during transit. All outbound communications are initiated using the HTTPS protocol exclusively on port 443. The software initiates all communication and transmits only to a BD Assurity Linc Cloud server having an appropriate SSL certificate. Leverages existing security infrastructure. The BD workstation resides inside your network and receives the same network security protection as all other computers within your organization. No public IP address is required. Simplifies BD workstation deployment. BD Assurity Linc software supports Dynamic Host Configuration Protocol (DHCP) and Network Address Translation (NAT), which facilitates setup within your environment. Your local IT staff does not need to change the existing network settings or security configuration. Once connected to the local network, the BD workstation is ready to communicate.

Page 3 BD Assurity Linc Cloud Server The BD Assurity Linc Cloud server provides a secure, scalable infrastructure for maintaining connection with BD Assurity Linc software. This server maintains extensive audit logs of all user-access requests and all application functions performed on BD instruments. Audit logs provide comprehensive reporting capabilities and allow BD to ensure complete accountability for activities performed by BD personnel. Examples of audited functions include user logins, rule creation or modification, file transfers, and remote access sessions. BD Assurity Linc Cloud operations are certified to meet the ISO Standard 27001 Information Security Management System (ISMS) framework. BD Assurity Linc Application Server The BD Assurity Linc Application server hosts tools that BD service and support personnel use to monitor and maintain your instruments for maximum uptime and operational availability. It resides in a highly secure environment and is accessible only by BD employees. BD follows industry standard security measures. Access to the BD Assurity Linc Application server requires username and password authentication, and user-access security is addressed in the following two ways: Activity-based access control. Limits BD personnel s access to only the application functions that are required to perform their specific roles. Device-based access control. Limits BD personnel s access to only the customer s instruments to which they have been granted access. Network Settings for BD Assurity Linc Communication For BD Assurity Linc software to communicate with the BD Assurity Linc Cloud server, standard HTTPS traffic from the workstation to the internet should be permitted on port 443. Communication to the BD Assurity Linc Cloud server and at least two of the Global Access servers must be enabled. If your network uses an Access Control List (ACL) or hosts file to restrict outbound internet communications, please include the following entries: IP Address URL Description 209.202.167.31 bd.axeda.com Assurity Linc Cloud 89.234.8.217 ghuk1.axeda.com Global Access Server UK 209.202.157.179 ghsom1.axeda.com Global Access Server Boston, MA USA 198.66.245.39 ghsj1.axeda.com Global Access Server San Jose, CA USA 124.40.23.210 ghjap1.axeda.com Global Access Server Japan 122.202.65.179 gas-aus.axeda.com Global Access Server Australia

Security Configuration of BD Workstations Users need to configure BD workstations to ensure a reasonable level of security for systems connected to their network. Note: Before you begin this process, read the Information Security Guidelines document (23-14533-00), which can be downloaded from bdbiosciences.com. This document provides recommendations on how to manage antivirus software, Microsoft updates, Microsoft Windows user account permissions, software firewalls, and removable storage media security. BD s responsibility BD is responsible for configuring the BD workstation with a default system image. Note: BD workstations run on the Microsoft Windows XP operating system (OS) with Service Pack 3 or the Microsoft Windows 7 Professional OS with Service Pack 1 or later. Customer s responsibility Customers must ensure that the guidelines in the Information Security Guidelines document are implemented so that antivirus and Windows updates are installed and maintained on the BD workstation, and that if enabled, a software firewall is configured correctly. Customers may choose to enable individual Windows user accounts with limited access to the workstation. Windows Administrator accounts should be restricted to Lab managers, IT administrator(s), and BD service personnel. Note: BD strongly advises against installing security-related software in addition to antivirus, Microsoft security updates, and software firewalls on the BD workstation. Doing so invalidates any regulatory or quality marking that the system might carry. BD will not be liable for any impact of the additional software on the quality of results produced by BD Biosciences software and/or instrumentation if any additional software has been installed on the BD Biosciences workstation. User accounts The Windows 7 Professional OS is preconfigured with three Windows user accounts: Admin. Administrator account for local IT administrator(s) BDFSE. Administrator account for BD field service personnel. Operator. Limited account for local instrument operators. Refer to the Information Security Guidelines document for information about user account permissions, if additional limited Windows accounts for operators are required. Firewall The Windows firewall is enabled by default. If you prefer to install and configure your own software firewall, refer to the Information Security Guidelines document.

Page 5 BD Data Privacy and Organizational Security Measures BD has implemented systems to ensure reasonable data privacy and security while operating BD Assurity Linc software. BD s Instrument Remote Support Privacy Procedure complies with applicable privacy laws and helps ensure that: Remote access to a customer s network and instrumentation will be implemented only upon agreement with the customer. Training is provided for all BD support personnel so that they understand and comply with BD s internal data privacy policy. All BD personnel who might inadvertently be exposed to Protected Health Information (PHI) as a consequence of supporting our customers understand their responsibility to maintain such information in confidence. All BD support personnel sign a non-disclosure of PHI agreement. Auditable records are kept of each customer with whom remote service has been agreed upon, detailing the end of the agreement. Records also will be kept in the event of remote service being provided by a third party, if agreed to by the customer. We also have implemented a range of measures to ensure that information access and control can be managed in a secure fashion. These measures include, but are not limited to: A comprehensive security management system to ensure that users are given access only to information and information systems as required by their role in the organization. User training and awareness on data privacy and confidentiality. Physical security measures to ensure that non-authorized users cannot enter BD premises. This includes physical access restrictions to data servers and data hosting environments for non-authorized personnel. Access to and permissions on BD business desktops, laptops, and data and application servers are controlled by a combination of two-factor authentication and Microsoft Group policies. Additionally, Virtual Private Network (VPN) authentication is required for BD users accessing BD systems from outside the BD network. Password complexity and expiration policies are in place to ensure that passwords cannot easily be compromised. Systems connected to the BD network are protected from external security risks with a combination of hardware firewalls, antivirus software, intrusion prevention systems, and regular updating with Microsoft security updates. Hard disks of decommissioned computers are erased using the US Department of Defense compliant software. This software erases the contents of the hard disk multiple times to ensure that no data remains on the hard disk. Access and use of BD information systems are auditable. BD personnel are trained in and expected to comply with the Acceptable Use policy of BD business systems and information systems. Random checks are carried out by BD to ensure that all personnel act according to this policy. BD conducts random audits to ensure that the internal data privacy policy is respected and that any deviations from the policy are addressed in a timely manner.

BD Recommendations for Practical Security Measures Customers can take additional measures to improve the overall security of BD workstations connected to the customer s network and the internet. The following measures are acceptable to safeguard the data on workstations provided they do not involve installation of third-party hardware or software: Information security management system/privacy and data protection management system Physical security Access controls Security and privacy technologies Awareness, training, and security checks in relation to personnel Incident/response management/business continuity Audit controls/due diligence

Page 7

2014, Becton, Dickinson and Company. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in retrieval systems, or translated into any language or computer language, in any form or by any means: electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without permission from BD Biosciences. The information in this document is subject to change without notice. BD Biosciences reserves the right to change its products and services at any time to incorporate the latest technological developments. Although this guide has been prepared with every precaution to ensure accuracy, BD Biosciences assumes no liability for any errors or omissions or for any damages resulting from the application or use of this information. BD Biosciences welcomes customer input on corrections and suggestions for improvement. For Research Use Only. Not for use in diagnostic or therapeutic procedures. Axeda is a registered trademark of Axeda Corporation. Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and other countries. BD, BD Logo and all other trademarks are property of Becton, Dickinson and Company. 2014 BD 23-15755-00 BD Biosciences bdbiosciences.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information