ZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure.
|
|
- Ilene Parker
- 6 years ago
- Views:
Transcription
1 Security In today s world, the requirement to focus on building secure solutions and infrastructure has become an important part of the value that businesses deliver to customers and resellers. This document describes the security measures ZyLAB* and its partners have implemented to mitigate risks of unauthorized access to systems and data. Partnering with the best of breed ZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure. About Microsoft Azure Microsoft Azure is a collection of integrated cloud services to build, deploy and manage applications through Microsofts global network of data centres. For Microsoft Azure security, Microsoft maintains and updates its security information through its corporate website: About Interoute Interoute is the owner and operator of Europe's largest cloud services platform and an international telecommunications service provider. The datacenters are located in multiple European cities (Amsterdam, Berlin, Geneva, Paris, Madrid, Milan and London). Compliant with the ISO/IEC 27001, ISO 20000, PCI DSS and ISAE 3402/SSAE 16 certifications. 3-TIER. Redundancy: power, network, hardware, internet and storage. Virtual Servers/ Storage Built on Interoute's self-owned MPLS-based fibre network. This allows them to implement a trusted and efficient MPLS VPN security model to protect our customer's data. The physical storage is RAID-configured to provide fault tolerance in the event of drive failure. The RAID configuration also natively spreads data across multiple spindles to maximize performance. * see last page of documents to read more about the legal entities delivering our SaaS Services
2 Interoute employees do not have direct access to the Systems and Information. As ZyLAB s Service provider they maintain the continuity of the hardware and infrastructure on which the ZyLAB systems are hosted. The procedures for accessing the premises of Interoute are: Customers granted physical access to Interoute s Data Centre s must comply with site access procedures, codes of conduct and operations processes. All customers use of Interoute services, facilities and operations must comply with stated contractual obligation to adhere to Acceptable Use Policy, as identified in applicable contract conditions and service schedules. The exchange of information and data between Interoute and customers will be controlled by contracted confidentiality clauses or non-disclosure agreements, and in compliance to Interoute policies and operations procedures. Physical site access will be controlled through Interoute Corporate Physical Security Policy, codes of conduct, and associated operations procedures. Interoute s ISO security management system, service security controls, security policies and operations procedures will protect Confidentiality, Integrity and Availability of Interoute and customer data and assets. Logical and physical access management controls, inclusive of user and password management, authorization permissions, termination and compliance of access permissions will be controlled and audited on a regular basis. Security Incident Management processes to report, log, respond and resolve to security incidents and impact Interoute operations, services and technology platforms will be maintained and reviewed. For Interoute security, Interoute maintains and updates its security information through its corporate website: Operational measures Roles and Responsibilities Security Administration of ediscovery is being managed by ZyLAB Operations (ZyLAB). Customer data is stored on a selected partner data center, employees of the partner data center do not have file (logical) access to the data sets. Platform Management Server storage is managed by partner data center, the solution is managed by ZyLAB Operations. The solution can only be accessed through a secured and managed VPN-connection. Pre-employment screening All Operations employees require a certificate of conduct, which the Dutch State Secretary for Security and Justice declares that the applicant did not commit any criminal offences that are relevant to the performance of his or her duties. Were applicable, an AIVD screening (conducted by the General Intelligence and Security Service of the Netherlands), may be provided.
3 Data in Transit ESI on data carrier ZyLAB will receive ESI on an encrypted data carrier (USB or Hard drive; customer will be responsible for data encryption) and will confirm the customer with a Data Receipt report (Chain of Custody). The received data will be copied to an encrypted VHDX and then uploaded to the processing environment by SFTP or FTPES. The data carrier will be logged and then stored securely in a physical vault. Physical paper files In the event that paper file digitization/scanning services are performed by ZyLAB, the digital results will be stored directly on its platform through secure SFTP / FTPES upload. ESI upload If the customer wishes to upload ESI directly to the processing environment, ZyLAB will create SFTP/FTPES credentials and send the FTP information by and the password by SMS. User Access Control User Management ZyLAB will provide the Users Account based on the delivered project requirements. The administration of the users is maintained by ZyLAB in cooperation with customer s responsible project contact. The username is send by and the password by sms. Password regime ZyLABs password policy is applicable: The setting of the password requires at least 8 characters and need 3 of 4 of the following: number, symbol, uppercase and lowercase. Use of secure SSL and applied key length Users logon via the SSL-protected portal, 2048-bit encryption. Two factor authentication After the user logs on with its credentials, the user will receive a Onetime Password through SMS. After verification, the user is granted access to the Legal Review Platform. Time out session To protect against unauthorized access, the web access session will automatically time out after a period of inactivity. IP Filtering Upon request, ZyLAB may activate IP filtering. Authorization on (system) files and system utilities Users do not have direct access control to the data. Depending on the user role and security, the users will be able to review documents through the ZyLAB Legal Review web interface. The access permission is read-only on the data and read/write on the TAGS (metadata).
4 Change Management Procedures Change management and maintenance ZyLAB administrators perform changes to cloud infrastructure, operating software and product software to maintain operational stability, availability, security and performance of the ediscovery environment. ZyLAB follows formal change management procedures to provide the necessary review, testing, and approval of changes prior to a roll out in the production environment. Change Management procedures include management of regular and ongoing application upgrades, updates and coordinated customer specific changes where required, and system and service maintenance. ZyLAB tries to avoid service interruption where possible. Where an anticipated change will require the application service to be unavailable during the change maintenance period, ZyLAB will work to provide prior notice of the anticipated impact. Application upgrades and updates Patches and updates are tested and implemented by ZyLAB. Security Patches are to be incorporated within one month after publication data. Legal Review Legal Review Platform Typically, each project will be hosted in a separate review platform. A dedicated virtual review server will be reserved for the Project. All processes for storage of data, processing of data and reviewing of data will run within a dedicated project environment. Customers have their own Active Directory (AD) group. Using separated processing /review platforms ZyLAB is able to provide the most secure setup and provide the best performance during review. Data encryption The data is not encrypted on the storage disks. If required, ZyLAB can encrypt the data on OS level but it can have an impact on backups and performance of the document review. PEN test Latest PEN test, which has been performed by Digital Investigation B.V. (Hilversum, The Netherlands), has been successfully passed in October Project termination Upon project completion, a written approval is required to start the data removal. After approval all project data (source and processed) will be removed from the systems. In parallel, a removal from the back up media is planned. This removal includes the delay of removal from daily/weekly/monthly back up media. After this cycle all data is removed definitive.
5 Availability Platform availability By default, the solution is not mirrored (this can be offered upon request). In case of a disaster, the solution may be recovered with system back-ups and snapshots. In case of a malfunction, ZyLAB will immediately commence efforts to recover the solution, 7x24x365. Hours of operation The solution is designed to be available 24 hours a day, 7 days a week and 365 days a year, except during system maintenance periods and technology upgrades. Disaster recovery plan Storage: Snapshots are taken every 4 hours, and these snapshots are kept for 2 days. One daily snap-shot is retained for a week. A further snapshot is taken weekly and kept for a month. By default, the snapshots will reside within the same data center. It is also possible to hold the snapshots in another data center. SQL: Differential backups are taken every hour and are kept until the daily full backup has been made. Every day a full backup will be made and the last 5 backups are kept. Recovery Time Objective (RTO); How fast can business process resume? SQL: 1 hour. Legal Review server: 2 hours. Storage: this depends of the volume size of the disk. On average it will be 50 GB per hour of recovering time. Recovery Point Objective (RPO); How many hours of data loss is expected? Storage: 4 hours. SQL: 1 hour. Monitoring ZyLAB has a standard set of events that are logged and monitored. Examples of such events are: CPU, Memory, disk storage and connectivity. Processes or services. Creating, deleting of a virtual server. Tagging, downloading, deleting of a document in Legal Review. Provisioning users. Accessing the Review environment. Antivirus ZyLAB does not use antivirus software. The reason is that antivirus software puts identified documents in quarantine. This means that these documents will not be accessible by the customer
6 and could potentially generate an error. Understanding the limitations, antivirus software can be used at the discretion of the customer. Access control to premises and facilities Datacenter Security Administration of the solution is managed by ZyLAB. Although the (customers) data are stored on a partner data center the employees of the data center do not have access to the data sets. They can perform backup and restore of virtual hard disk but never have access to the files within the virtual hard disk. About ZyLAB ZyLAB SaaS services are provided through the following entities: ZyLAB Headquarters United States Servicing the North America region ZyLAB DCS USA LLC 7918 Jones Branch Drive McLean, VA United States of America ZyLAB Headquarters EMEA & APAC Servicing the Europe, Middle East, Africa and Asia Pacific regions ZyLAB ediscovery & Compliance Services (DCS) BV Hoogoorddreef BA Amsterdam, the Netherlands The Afrika" building is a secured and locked location; no unauthorized entrance is permitted. Reception personnel is present at the ground floor, controlling locked entrance of visitors during office hours (Monday to Friday, 07:00 18:00 hrs). On workdays after 18:00 hrs and during the weekend or Bank Holidays, security personnel is present covering the Atlas Arena premises. The ZyLAB office is a locked and secured location within the Afrika" building. Reception personnel is present during office hours. The ZyLAB ediscovery & Compliance Services (DCS) BV office is located in a restricted area within the premises of the Amsterdam headquarters, protected by electronic keys, automatic locks and alarm system.
Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More information2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.
Diageo Third Party Hosting Standard 1. Purpose This document is for technical staff involved in the provision of externally hosted solutions for Diageo. This document defines the requirements that third
More informationAUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE
AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE Table of Contents Dedicated Geo-Redundant Data Center Infrastructure 02 SSAE 16 / SAS 70 and SOC2 Audits 03 Logical Access Security 03 Dedicated
More informationTRACKVIA SECURITY OVERVIEW
TRACKVIA SECURITY OVERVIEW TrackVia s customers rely on our service for many mission-critical applications, as well as for applications that have various compliance and regulatory obligations. At all times
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationWHITE PAPER- Managed Services Security Practices
WHITE PAPER- Managed Services Security Practices The information security practices outlined below provide standards expected of each staff member, consultant, or customer staff member granted access to
More informationSolution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites
Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationData Processing Amendment to Google Apps Enterprise Agreement
Data Processing Amendment to Google Apps Enterprise Agreement The Customer agreeing to these terms ( Customer ) and Google Inc., Google Ireland, or Google Asia Pacific Pte. Ltd. (as applicable, Google
More informationAxiell ALM Cloud Service - Service Level Agreement
Axiell ALM Cloud Service - Service Level Agreement 2017 This service level agreement (SLA) applies to the Axiell ALM Cloud services provided by Axiell ALM Netherlands BV ( Service Provider ), and includes
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationDooblo SurveyToGo: Security Overview
Dooblo SurveyToGo: Security Overview November, 2013 Written by: Dooblo Page 1 of 11 1 Table of Contents 1 INTRODUCTION... 3 1.1 OVERVIEW... 3 1.2 PURPOSE... 3 2 PHYSICAL DATA CENTER SECURITY... 4 2.1 OVERVIEW...
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More information1 Data Center Requirements
1 Data Center Requirements The following are MassDOT s standard Data Center requirements. 1.1 Data Center General Requirements 1.1.1 The CSC Operator shall furnish, or contract with a third-party provider
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationWORKSHARE SECURITY OVERVIEW
WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationSecurity Information & Policies
Security Information & Policies 01 Table of Contents OVERVIEW CHAPTER 1 : CHAPTER 2: CHAPTER 3: CHAPTER 4: CHAPTER 5: CHAPTER 6: CHAPTER 7: CHAPTER 8: CHAPTER 9: CHAPTER 10: CHAPTER 11: CHAPTER 12: CHAPTER
More informationNS2 Cloud Overview The Cloud Built for Federal Security and Export Controlled Environments. Hunter Downey, Cloud Solution Director
NS2 Cloud Overview The Cloud Built for Federal Security and Export Controlled Environments Hunter Downey, Cloud Solution Director Why Organizations are investing in the Cloud Pressure on IT and business
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationCloud Service SLA Declaration
Cloud Service SLA Declaration Basic level of support for Cloud services (SLA 1) Table of Content: 1. Definitions 2. General terms 3. Level of service warranty service functioning 4. Provider`s liability
More informationSERVERS / SERVICES AT DATA CENTER AND CO-LOCATION POLICY
SERVERS / SERVICES AT DATA CENTER AND CO-LOCATION POLICY National Video Conferencing Network Version 1.0 Released January 01, 2014 HIGHER EDUCATION COMMISSION, PAKISTAN 1 GENERAL The Higher Education Commission
More informationAppPulse Point of Presence (POP)
AppPulse Point of Presence Micro Focus AppPulse POP service is a remotely delivered solution that provides a managed environment of Application Performance Management. AppPulse POP service supplies real-time
More informationInterCall Virtual Environments and Webcasting
InterCall Virtual Environments and Webcasting Security, High Availability and Scalability Overview 1. Security 1.1. Policy and Procedures The InterCall VE ( Virtual Environments ) and Webcast Event IT
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationTrust Services Principles and Criteria
Trust Services Principles and Criteria Security Principle and Criteria The security principle refers to the protection of the system from unauthorized access, both logical and physical. Limiting access
More informationTwilio cloud communications SECURITY
WHITEPAPER Twilio cloud communications SECURITY From the world s largest public companies to early-stage startups, people rely on Twilio s cloud communications platform to exchange millions of calls and
More informationADIENT VENDOR SECURITY STANDARD
Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational
More informationBLACKLINE PLATFORM INTEGRITY
BLACKLINE PLATFORM INTEGRITY Security, Availability, and Disaster Recovery Your Trusted Partner for Financial Corporate Performance Management BlackLine is a leading provider of cloud software that automates
More informationFormFire Application and IT Security
FormFire Application and IT Security White Paper Last Update: 2015-03- 04 Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 4 Infrastructure and Security Team...
More informationINTERNATIONAL SOS. Information Security Policy. Version 2.00
INTERNATIONAL SOS Information Security Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: August 2009 Updated: April 2018 2018 All copyright in these materials are
More informationOUR CUSTOMER TERMS CLOUD SERVICES - INFRASTRUCTURE
CONTENTS 1 ABOUT THIS PART... 2 2 GENERAL... 2 3 CLOUD INFRASTRUCTURE (FORMERLY UTILITY HOSTING)... 2 4 TAILORED INFRASTRUCTURE (FORMERLY DEDICATED HOSTING)... 3 5 COMPUTE... 3 6 BACKUP & RECOVERY... 8
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationAWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.
Security Practices Freshservice Security Practices Freshservice is online IT service desk software that allows IT teams of organizations to support their users through email, phone, website and mobile.
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationSecurity. ITM Platform
Security ITM Platform Contents Contents... 0 1. SaaS and On-Demand Environments... 1 1.1. ITM Platform configuration modes... 1 1.2. Server... 1 1.3. Application and Database... 2 1.4. Domain... 3 1.5.
More informationIntegrated Cloud Environment Security White Paper
Integrated Cloud Environment Security White Paper 2012-2016 Ricoh Americas Corporation R i c o h A m e r i c a s C o r p o r a t i o n R i c o h A m e r i c a s C o r p o r a t i o n It is the reader's
More informationEpicor ERP Cloud Services Specification Multi-Tenant and Dedicated Tenant Cloud Services (Updated July 31, 2017)
Epicor ERP Cloud Services Specification Multi-Tenant and Dedicated Tenant Cloud Services (Updated July 31, 2017) GENERAL TERMS & INFORMATION A. GENERAL TERMS & DEFINITIONS 1. This Services Specification
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationVendor Security Questionnaire
Business Associate Vendor Name Vendor URL Vendor Contact Address Vendor Contact Email Address Vendor Contact Phone Number What type of Service do You Provide Covenant Health? How is Protected Health Information
More informationISO27001 Preparing your business with Snare
WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security
More informationenalyzer enalyzer security
enalyzer enalyzer security A documentation that provides an in depth description, that can be read as is, or forwarded to IT departments demanding more technical information. Copenhagen, May 2018 www.enalyzer.com
More informationInventory and Reporting Security Q&A
Inventory and Reporting Security Q&A General Q. What is Inventory Reporting, Collection, and Analysis? A. Inventory Reporting, Collection, and Analysis is a tool that discovers, collects, and analyzes
More informationSHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT
SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place
More informationSecurity Standards for Information Systems
Security Standards for Information Systems Area: Information Technology Services Number: IT-3610-00 Subject: Information Systems Management Issued: 8/1/2012 Applies To: University Revised: 4/1/2015 Sources:
More informationLayer Security White Paper
Layer Security White Paper Content PEOPLE SECURITY PRODUCT SECURITY CLOUD & NETWORK INFRASTRUCTURE SECURITY RISK MANAGEMENT PHYSICAL SECURITY BUSINESS CONTINUITY & DISASTER RECOVERY VENDOR SECURITY SECURITY
More informationTable of Contents. Page 1 of 6 (Last updated 27 April 2017)
Table of Contents What is Connect?... 2 Physical Access Controls... 2 User Access Controls... 3 Systems Architecture... 4 Application Development... 5 Business Continuity Management... 5 Other Operational
More informationAutomate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds
EXECUTIVE BRIEF SHAREBASE BY HYLAND Automate sharing. Empower users. Retain control. With ShareBase by Hyland, empower users with enterprise file sync and share (EFSS) technology and retain control over
More informationCisco Meraki Privacy and Security Practices. List of Technical and Organizational Measures
Cisco Meraki Privacy and Security Practices List of Technical and Organizational Measures Introduction Meraki takes a systematic approach to data protection, privacy, and security. We believe a robust
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationRAPID7 INFORMATION SECURITY. An Overview of Rapid7 s Internal Security Practices and Procedures
RAPID7 INFORMATION SECURITY An Overview of Rapid7 s Internal Security Practices and Procedures 060418 TABLE OF CONTENTS Overview...3 Compliance...4 Organizational...6 Infrastructure & Endpoint Security...8
More informationSecurity Policies and Procedures Principles and Practices
Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability
More informationSolution Pack. Managed Services Virtual Private Cloud Managed Database Service Selections and Prerequisites
Solution Pack Managed Services Virtual Private Cloud Managed Database Service Selections and Prerequisites Subject Governing Agreement Term DXC Services Requirements Agreement between DXC and Customer
More informationPolicy and Procedure: SDM Guidance for HIPAA Business Associates
Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationMicrosoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Andreas Grigull Geschäftsentwicklung Assekuranz Installation von 2000 Servern in 3 Stunden Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud
More informationCloud FastPath: Highly Secure Data Transfer
Cloud FastPath: Highly Secure Data Transfer Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. Tervela has been creating high performance
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationemarketeer Information Security Policy
emarketeer Information Security Policy Version Date 1.1 2018-05-03 emarketeer Information Security Policy emarketeer AB hereafter called emarketeer is a leading actor within the development of SaaS-service
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More informationCTS performs nightly backups of the Church360 production databases and retains these backups for one month.
Church360 is a cloud-based application software suite from Concordia Technology Solutions (CTS) that is used by churches of all sizes to manage their membership data, website, and financial information.
More informationVersion v November 2015
Service Description HPE Quality Center Enterprise on Software-as-a-Service Version v2.0 26 November 2015 This Service Description describes the components and services included in HPE Quality Center Enterprise
More informationWHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution
WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. We have been
More informationStandard: Event Monitoring
October 24, 2016 Page 1 Contents Revision History... 4 Executive Summary... 4 Introduction and Purpose... 5 Scope... 5 Standard... 5 Audit Log Standard: Nature of Information and Retention Period... 5
More informationMicrosoft SharePoint Server 2013 Plan, Configure & Manage
Microsoft SharePoint Server 2013 Plan, Configure & Manage Course 20331-20332B 5 Days Instructor-led, Hands on Course Information This five day instructor-led course omits the overlap and redundancy that
More informationData Protection Policy
Data Protection Policy Status: Released Page 2 of 7 Introduction Our Data Protection policy indicates that we are dedicated to and responsible of processing the information of our employees, customers,
More informationOracle Data Cloud ( ODC ) Inbound Security Policies
Oracle Data Cloud ( ODC ) Inbound Security Policies Contents Contents... 1 Overview... 2 Oracle Data Cloud Security Policy... 2 Oracle Information Security Practices - General... 2 Security Standards...
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationPS 176 Removable Media Policy
PS 176 Removable Media Policy December 2013 Version 2.0 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data
More informationData Security at Smart Assessor
Data Security at Smart Assessor Page 1 Contents Data Security...3 Hardware...3 Software...4 Data Backups...4 Personnel...5 Web Application Security...5 Encryption of web application traffic...5 User authentication...5
More informationSERVICE DESCRIPTION & ADDITIONAL TERMS AND CONDITIONS VERSIEGELTE CLOUD. Service description & additional terms and conditions VERSIEGELTE CLOUD
Service description & additional terms and conditions VERSIEGELTE CLOUD Last revised: March 19, 2018 Page 1 of 10 PUBLICATION DETAILS Published by Telekom Deutschland GmbH Landgrabenweg 151 53227 Bonn
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationSparta Systems TrackWise Digital Solution
Systems TrackWise Digital Solution 21 CFR Part 11 and Annex 11 Assessment February 2018 Systems TrackWise Digital Solution Introduction The purpose of this document is to outline the roles and responsibilities
More informationInteroute Use Case. SQL 2016 Always On in Interoute VDC. Last updated 11 December 2017 ENGINEERED FOR THE AMBITIOUS
Interoute Use Case SQL 2016 Always On in Interoute VDC Last updated 11 December 2017 ENGINEERED FOR THE AMBITIOUS VERSION HISTORY Version Date Title Author 1 11 / 12 / 17 SQL 2016 Always On in Interoute
More informationCloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017
Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and
More informationICT Security Policy. ~ 1 od 21 ~
ICT Security Policy ~ 1 od 21 ~ Index 1 INTRODUCTION... 3 2 ELEMENTS OF SECURITY CONTROL... 4 2.1 INFORMATION MEDIA MANAGEMENT... 4 2.2 PHYSICAL PROTECTION... 6 2.3 COMMUNICATION AND PRODUCTION MANAGEMENT...
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationWhat can the OnBase Cloud do for you? lbmctech.com
What can the OnBase Cloud do for you? lbmctech.com The OnBase Cloud by Hyland When it comes to cloud deployments, experience matters. With experience comes more functionality, long tracks of outstanding
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationVersion v November 2015
Service Description HPE Project and Portfolio Management on Software-as-a- Service Version v2.0 26 November 2015 This Service Description describes the components and services included in HPE Project and
More informationCyber Insurance PROPOSAL FORM. ITOO is an Authorised Financial Services Provider. FSP No
PROPOSAL FORM Cyber Insurance Underwritten by The Hollard Insurance Co. Ltd, an authorised Financial Services Provider www.itoo.co.za @itooexpert ITOO is an Authorised Financial Services Provider. FSP.
More informationNetwork Security Policy
Network Security Policy Date: January 2016 Policy Title Network Security Policy Policy Number: POL 030 Version 3.0 Policy Sponsor Policy Owner Committee Director of Business Support Head of ICU / ICT Business
More informationDATA PRIVACY & PROTECTION POLICY POLICY INFORMATION WE COLLECT AND RECEIVE. Quality Management System
DATA PRIVACY & PROTECTION POLICY POLICY This Data Privacy & Protection Policy applies to ELMO Software Limited s Cloud HR & Payroll applications and platform (collectively, the Services ), elmosoftware.com.au
More informationCloud Transformation and Significance of Security
Cloud Transformation and Significance of Security Mohit Sharma, Chief Architect & Cloud Evangelist @onlinesince2009 www.cloudsec.com Datacenter Management Change Management Policy Physical Network Management
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationSecurity Overview. Technical Whitepaper. Secure by design. End to end security. N-tier Application Architecture. Data encryption. User authentication
Technical Whitepaper Security Overview As a team, we have a long history of developing and delivering HR software solutions to customers worldwide, including many of the world s most-demanding organisations.
More informationTIBCO Nimbus Service
TIBCO Nimbus TIBCO Software Inc. (NASDAQ: TIBX) is a provider of infrastructure software for companies to use onpremise or as part of cloud computing environments. Whether it's efficient claims or trade
More informationA company built on security
Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for
More informationTHE EASIEST WAY TO THE CLOUD! V2 CLOUD WorkSpaces. CLOUD FOR SMBs V2 CLOUD
WorkSpaces CLOUD FOR SMBs WORKSPACES V2 Cloud WorkSpaces is a fully managed Desktop-as-a-Service offering specifically built for Small and Medium-Sized Businesses. With V2 Cloud WorkSpaces, SMBs can conveniently
More informationServeRestore Service Description
ServeRestore Service Description... 2 ServeRestore Service Options... 2 ServeRestore Service Limitations... 2 ServeRestore Implementation Plan and Timeline... 4 ServeRestore Disaster Recovery Process...
More informationMorningstar ByAllAccounts Service Security & Privacy Overview
Morningstar ByAllAccounts Service Security & Privacy Overview Version 3.8 April 2018 April 2018, Morningstar. All Rights Reserved. 10 State Street, Woburn, MA 01801-6820 USA Tel: +1.781.376.0801 Fax: +1.781.376.8040
More informationIBM SmartCloud Notes Security
IBM Software White Paper September 2014 IBM SmartCloud Notes Security 2 IBM SmartCloud Notes Security Contents 3 Introduction 3 Service Access 4 People, Processes, and Compliance 5 Service Security IBM
More informationECSA Assessment Report
ECSA Assessment Report Company Test Cloud Company Name of the cloudservice textcloud.com Website of the cloudservice 11.textcloud.com Project number #10652 Projectname Dummyproject Print date 2015-12-01
More informationThe Apple Store, Coombe Lodge, Blagdon BS40 7RG,
1 The General Data Protection Regulation ( GDPR ) is the new legal framework that will come into effect on the 25th of May 2018 in the European Union ( EU ) and will be directly applicable in all EU Member
More informationMagento GDPR Frequently Asked Questions
Magento GDPR Frequently Asked Questions Whom does GDPR impact? Does this only impact European Union (EU) based companies? The new regulation provides rules that govern how companies may collect and handle
More informationCloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com
Cloud Computing Faculty of Information Systems Duc.NHM nhmduc.wordpress.com Evaluating Cloud Security: An Information Security Framework Chapter 6 Cloud Computing Duc.NHM 2 1 Evaluating Cloud Security
More information