Information Security & Management Systems




Our Security Protocol

Network Security

Our entire network is protected by multiple layers of security appliances and software. We have implemented the following security technologies to ensure that information security and confidentiality levels exceed compliance requirements:

- Internet Security & Accelerator (ISA) Server.
- WatchGuard Firewall and Internet Security Appliance.
- Verisign's 128-bit SSL encryption for online services.
- Cisco VPN with encryption for remote LAN-to-LAN connections.

Our IS Framework (codemantra)

- Assess: Transfer of only required project specs and data
- Technology: Firewalls, 128-bit SSL Encryption, Antivirus, Secure Configurations
- Respond: Inform and initiate steps to improve or resolve security issues
- Audit Trail: Activity review and check for any breaches in security
- Secure Data Transfer: Transfer via SSL FTP or HTTPS
- Production Facility: Customer data received and stored on secure network server
- Data Processing: Deploy controls to secure systems and processes
- Security Protocol: Network & Privacy Policy, Confidentiality Agreement, Physical Security, Segregation of duties & access
- Monitor: Procedure to monitor that security systems are adequate
- Quality Control: Systems to ensure quality of service and deliverables
- Dispatch: Deliver processed data via SSL FTP or HTTPS
- Security Measures: Clear Desk, Activity log, Vulnerability and Event Mgmt, Training & Awareness

Network Policy Chart

Security Policies & Procedures: Personnel Security Systems Network Security Configuration Contingency Planning

- Armed facility security
- Limited access to data
- Physical access controls
- Authentication & Authorization of users
- Virus protection & password mgmt
- 128-bit encryption on data transfer
- Onsite\Offsite Backups & Archival System
- Disaster recovery scheme
- Secure receipt and removal of data
- Log on events of data access
- Internal audit of system activity
- On-going security verification

Network Resilience

Our high-end production servers are built with integrated RAID VI for data protection, supporting hard disk drive mirroring and redundant power models.

Data storage

- As per our contingency plan, we run nightly backups on our servers.
- Disaster recovery and back-up facilities ensure business continuity.
- Offsite backups - We have taken the precautionary disaster recovery measure of storing critical data on secure offsite storage.

Privacy Policy & Procedures

Our Privacy Policy includes:

- A non-disclosure and confidentiality agreement to be signed by all members of the organization and senior management.
- A data non-disclosure agreement to maintain the confidentiality of technical and business information.

Privacy Policy Chart

Privacy Policies & Procedures: Administrative Documentation, Tracking System and Procedures, Resignation \ Termination Procedure

- Nondisclosure Service Agreement
- Unique Project\Account ID
- Resignation \ Termination Notice
- Data Nondisclosure Agreement
- Individual rights & access
- Relieving Order
- Employee Confidentiality Agreement
- Employees list with individual ID
- Tracking by staff ID
- Comprehensive Activity logging
- Remove Individual Access
- Reset Access Passwords

File Transfer Protocol

Our secure FTP server supports SSL File Transfer. The Secure Sockets Layer (SSL) security protocol enables encrypted data transfer using FTP client applications like CuteFTP Pro, FTP Voyager, or WS_FTP Pro. This state-of-the-art SSL technology encrypts the entire session using an implementation of SSL called Explicit Encryption (AUTH SSL). This protects confidential information from interception and hacking.

Intruder Detection

Anti-virus System - We use leading products like Norton Anti-Virus and McAfee to protect the flow of information on PCs, file servers, web servers, FTP servers, and email servers. We deploy periodic anti-virus\software updates, real-time scanning and monitoring to avoid any virus attack or intrusion resulting from new viruses.

Activity Monitoring - All activity across the network is logged and reviewed regularly, and any anomalies or discrepancies are thoroughly investigated.

Office Security Systems

- All the entry points to the premises are guarded by armed security, 24x7.
- Security cameras are installed at all critical points, including production floors, with digital recording capability.
- To ensure the highest level of security and access to the premises, a biometric fingerprint access control system is installed at all entry and exit doors with anti-bypass facility.
- The building is installed with Fire Alarm \ Protection systems and emergency exits.
- NO Internet access at production nodes.
- NO floppy, NO Mass Storage devices, CD or media allowed inside the production facility.
- Production computers are installed with strict local policy, and unwanted storage of any client data is restricted.
- Emergency Medical Kit

Business Redundancy

cm has a well-planned and documented procedure outlining procedures and decision making regarding backup arrangements, resource allocation, priorities, and action items necessary to fulfill the goals of effective and timely disaster recovery, emergency management and business continuity plans.

Disaster Recovery and Business Redundancy Plans include:

- Daily backup of all new digital assets.
- Version control of process and deliverables at every stage.
- Backup of assets at secured off-site facility (Tapes, CDs/DVDs).
- Power backup with UPS and diesel powered generators.
- Hardware/Software support staff, 24 x 7.
- System maintenance procedures.
- 2 x 3Mbps Fractional E1, 2 x 512 kbps backup ADSL
- VoIP, secure FTP, SSL, & VPN capabilities

Confidentiality & Privacy Compliance

All our work is done with the utmost confidentiality of data, and data is stored on highly secure Information Servers and in secure physical locations. Transmission of data through 128-bit encrypted SSL technology ensures a high level of data security over the Internet. We have non-disclosure and confidentiality agreements in place to ensure that a client's data is revealed only to staff with proper express permission.

Thank You

For more details, please contact:

codemantra, LLC
600 West Germantown Pike, Suite 400
Plymouth Meeting, PA 19462-1046
Tel: 610-940-1700
Fax: 215-243-6421
E-mail: cminfo@codemantra.com
Website: http://www.codemantra.net