Level I - Public Technical Portfolio Revised: July 2015
Table of Contents
1. INTRODUCTION
1.1 About Imaginatik
1.2 Taking Information Security Seriously
2. DATA CENTER SECURITY
2.1 Data Center Requirements
2.2 Business Continuity and Backup
2.3 Physical Security
2.4 Environmental Controls
2.5 Fire Suppression
2.6 Power Management
3. SYSTEM DESIGN
3.1 Security Infrastructure
3.2 Performance
3.3 Virus Protection and Patching
3.4 System Monitoring
3.5 Change Management
4. SECURITY MANAGEMENT
4.1 Security Framework Regulations
4.2 Dedicated Information Security Officer
4.3 User Authentication and Data Security
4.4 System Access Management
4.5 Legal Requirements
1. Introduction

1.1 About Imaginatik
Imaginatik is the leading provider of innovation management solutions to the world's top organizations. Since 1996 Imaginatik has deployed hundreds of software installations with our proprietary innovation technology, Innovation Central. This platform helps harness an organization's creative minds and helps them collaborate to solve its most pressing issues. As such, Imaginatik is well-versed in managing top-level ideas that will become the next big competitive advantages for an organization. This document provides details about the security practices at Imaginatik that make this idea management possible. To discover what Imaginatik can do for your organization visit.

1.2 Taking Information Security Seriously
Imaginatik regards information as a major corporate asset, which is to be protected and safeguarded in the same way as more tangible assets such as cash and other forms of intrinsic value. Information and the supporting processes, systems and networks are important business assets. Both the information and the technology are subject to various threats that, if realized, could result in direct financial loss to Imaginatik and its customers. At Imaginatik we have established strong security controls to prevent this.

2. Data Center Security

2.1 Data Center Requirements
Imaginatik only uses data centers that are capable of meeting our customers' stringent requirements. The data centers that we use are hosted in the US and the UK by organizations that are regularly audited and are either SOC 2 Type II certified, SSAE 16 Type II (formerly SAS 70) attested, or ISO 27001:2005 and ISO 9001:2008 certified. These provide us with network connectivity and dedicated servers, ensuring that your data is held securely and enabling you to meet any compliance requirements that audits by your security team may otherwise impose.
The following is an example of some of the areas tested, examined and documented during the certification audits: Data Control, Security, Environmental Controls, Fire Suppression, UPS and Diesel Generator Backup, Physical Access Controls, Human Resource and Personnel Controls, Infrastructure, Bandwidth.
Our US data center is also Safe Harbor compliant.

2.2 Business Continuity and Backup
Imaginatik has two data center providers, which allows us many options when it comes to disaster recovery. Daily off-site backups ensure that we have the ability to recover and rebuild customer environments even in the event of total loss of one data center. Interruptions to our service are extremely rare, most commonly being caused by network issues between the customer network and the Imaginatik data center concerned. In the event of a problem affecting a customer server, we will do everything possible to recover the service as quickly as possible. If this takes longer than a few minutes, the customer concerned will be notified and kept informed until normal service is resumed. If the service interruption looks likely to be extended, then we will start to restore the existing environment on a server in the other data center. This will then normally be available for use within 72 hours of the disaster, although the annual Disaster Recovery test consistently shows restoration could be 24 hours or less. The data used will be no more than one day out of date.

2.3 Physical Security
The entire data center is monitored 24x7 by security cameras and on-site staff. Cameras are positioned at every entrance, each and every rack aisle, and customer cage areas. All security cameras are recorded. Card access controls, biometric identification and security guards are also in place to prevent unauthorized access.

2.4 Environmental Controls
Indoor cooling systems provide precise, reliable control of the data center temperature, humidity, and airflow, which improves operating conditions for sensitive electronic equipment.

2.5 Fire Suppression
To prevent accidental sprinkler discharge, the data center is equipped with a zoned, dry-pipe, pre-action sprinkler system that requires two or more sensors to activate.
2.6 Power Management
The US data center building is served by three ultra-reliable underground grids configured in a spot network that allows any one grid to drop without interruption to the building power supply. An uninterruptible power supply (UPS) is maintained that insures against short-term interruptions of power. UPSs also regulate the quality of power so that all equipment receives constant line voltage.
The UK data center gets its power from dual independent power feeds, backed up by dual battery string Uninterruptible Power Supply (UPS) systems (deployed as standard). It also features 6 x DELPHYS MX 3-phase 500 kVA UPS units from Socomec, providing a fault-tolerant architecture with built-in N+1 redundancy. Put simply, if the world were to end, the data centers could still function for another 2 days!

3. SYSTEM DESIGN

3.1 Security Infrastructure
Imaginatik offers a very comprehensive platform that makes use of the latest security features, including:
Continuous Availability - All customer environments use clustered servers with automatic failover, so that any outage on one server won't cause an interruption to your service.
Optimized Performance - We make extensive use of load balancers to ensure consistently fast response times, especially during peak usage.
Network Security - Our networks are protected by powerful firewalls configured to follow industry best practices for network ingress/egress security. We also implement intrusion detection / prevention systems to protect our service.
Advanced Content Distribution - A huge network of over 95,000 servers deployed worldwide provides a secure, fast and reliable path to our data centers, ensuring that you get the fastest possible response times wherever your users are located.
In addition, a monitoring system analyzes all activities on servers and triggers notifications to our engineers to quickly assess and respond to any service disruption issues or other events. Powerful encryption is utilized, ensuring data within Innovation Central is protected both in transit and at rest.

3.2 Performance
Service availability for Innovation Central is an impressive 99.9%, excluding scheduled maintenance periods. We measure end-to-end response times not just as measured in our data centers, but right out to the end user on your network. Our target is to have key pages in Innovation Central load in less than two seconds on average.
Our technology allows us to identify those customers whose networks are most in need of improvement, compared to those customers who are achieving very fast response times. This improves participation and enables those customers to get better results from their challenges.
3.3 Virus Protection and Patching
Virus protection is enabled on all servers and is updated on a daily basis. Operating System patches are installed at least monthly. Application server patches are promptly installed, to allow our customers to benefit from improvements to the core software.

3.4 System Monitoring
Network and server infrastructure is monitored for performance and outages. Technical staff are automatically notified if and when an outage or performance problem occurs. Customers are immediately notified of any incidents affecting their data.

3.5 Change Management
All modifications to the production environment follow a documented change control procedure that describes the migration path from development to test to production.

4. SECURITY MANAGEMENT

4.1 Security Framework Regulations
Our Policies and Procedures are based on ISO Standard 27002, which is a set of best practices to be adopted by organizations in order to implement proper information security. All members of Imaginatik staff have a responsibility to ensure the data they are exposed to is protected to the best of their abilities. The Information Security Policies that provide directions on how to achieve this are written in line with ISO 27002. This demonstrates to your security team that adequate safeguards and controls are in place to an internationally recognized standard for managing and processing data belonging to our customers.

4.2 Dedicated Information Security Officer
Imaginatik employs a dedicated Information Security Officer who has over nine years' experience of information security within a financially regulated environment. The Information Security Officer is responsible for advising the Company on all security matters, managing the overall strategic security program, performing security reviews, and ensuring non-public client and company data is adequately protected. A key part of the Information Security Officer's role is the education of staff.
This is achieved by performing security training which includes password management, secure management of client data, physical security of company equipment, email management, internet usage and mobile computing.
4.3 User Authentication and Data Security
Security has always been an integral part of Imaginatik's system design and quality assurance. The key security principles of Innovation Central include:
Detailed role-based data security and authorization model. We have eight different roles available, allowing program administrators to configure access privileges exactly the way they want them.
User access management is fully delegated to the Innovation Central program administrators, ensuring that someone from your organization can configure security settings at any time.
Password management (also configurable within Innovation Central) is based on best-practice requirements and can be set to match your policies.
User Administration. The administrator can manage user accounts directly. Users may also self-register. Self-registration can be limited to only individuals whose email address domain matches a pre-selected list, or it can be wide open. After a user self-registers, a validation email is sent to the user instructing them to click on a secured link which activates their account.
If desired, we can establish a Single Sign-On (SSO) access scheme that will allow you to use the login information in your own directory. Imaginatik has extensive experience in implementing SSO for Innovation Central with various systems. In most implementations, SAML 2.0 is used to provide SSO.

4.4 System Access Management
Only Imaginatik employees who have a valid business reason (along with the client's approval when required) are granted access to client data. This is controlled by two-factor authentication using a One Time Password (OTP) and end-to-end encryption. This gives the user access to a Secure Management Console (SMC) where client data can be accessed but cannot be downloaded onto the user's computer or any other type of removable media device.
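The self-registration controls described above (a pre-selected list of permitted email domains, and an activation link sent by email) are outlined only in prose. The following is an added illustration of how such controls are commonly implemented; it is not Imaginatik's code and says nothing about how Innovation Central actually does it. The allowlist, secret and addresses are constructed for the example. The two points it makes are that the domain check must compare the whole domain rather than a suffix, and that an activation link should be an authenticated, expiring token rather than a guessable identifier.

```python
"""Added example (not Imaginatik's code): domain-allowlisted self-registration
and an HMAC-signed, expiring account-activation token.

All values below (allowlist, secret, user ids) are constructed for illustration.
"""
import base64
import hashlib
import hmac
import time
from typing import Optional, Set

# Constructed: the "pre-selected list" of permitted email domains.
ALLOWED_DOMAINS: Set[str] = {"example.com", "corp.example.org"}

# Constructed server-side secret; in production load it from a secret store.
ACTIVATION_SECRET = b"constructed-secret-do-not-reuse"
TOKEN_TTL_SECONDS = 24 * 3600  # activation links expire after one day


def email_domain(address: str) -> Optional[str]:
    """Return the lower-cased domain part of an address, or None if malformed."""
    if address.count("@") != 1 or " " in address:
        return None
    local, domain = address.split("@")
    if not local or not domain:
        return None
    return domain.lower()


def registration_allowed(address: str,
                         allowed: Optional[Set[str]] = ALLOWED_DOMAINS) -> bool:
    """Decide whether an address may self-register.

    allowed=None models the "wide open" mode: any well-formed address passes.
    Otherwise the whole domain must match an entry exactly (case-insensitively),
    so 'notexample.com' and 'example.com.attacker.test' are both rejected;
    a suffix check such as endswith('example.com') would accept the first.
    """
    domain = email_domain(address)
    if domain is None:
        return False
    if allowed is None:
        return True
    return domain in {d.lower() for d in allowed}


def _mac_b64(payload: bytes) -> str:
    mac = hmac.new(ACTIVATION_SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def make_activation_token(user_id: str, issued_at: Optional[int] = None) -> str:
    """Build '<user_id>.<issued_at>.<mac>' for embedding in the activation link."""
    issued_at = int(time.time()) if issued_at is None else issued_at
    payload = f"{user_id}.{issued_at}"
    return payload + "." + _mac_b64(payload.encode())


def verify_activation_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the user_id if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    parts = token.rsplit(".", 2)  # user_id may itself contain dots
    if len(parts) != 3:
        return None
    user_id, issued_str, presented_mac = parts
    if not issued_str.isdigit():
        return None
    expected_mac = _mac_b64(f"{user_id}.{issued_str}".encode())
    # Constant-time comparison: check authenticity before trusting any field.
    if not hmac.compare_digest(expected_mac, presented_mac):
        return None
    if now - int(issued_str) > TOKEN_TTL_SECONDS:
        return None
    return user_id


if __name__ == "__main__":
    addr = "alice@Example.com"
    if registration_allowed(addr):
        tok = make_activation_token("user.42")
        print("activation token for", addr, "->", tok)
        print("verifies as", verify_activation_token(tok))
```

A real deployment would additionally record the token (or a hash of it) against the account so that a link can be used only once, and would send it over an HTTPS link as the page's "secured link" wording implies.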
4.5 Legal Requirements
Information in all its forms, particularly information about our clients, is one of the Company's most valuable assets. The security of that information and adherence to the legal requirements around its storage and use are of paramount importance. In addition to regulatory requirements, Imaginatik has a strict information-protection policy to which every employee is required to adhere. Employees are also bound by a contract and Non-Disclosure Agreement (NDA) and undergo full background checks during the new-hire onboarding process.