Security & Privacy Datasheet
Security & Privacy Datasheet, June
Security and Privacy for Products

Introduction

Lithium takes information security and privacy of personal data very seriously. We fully support and abide by the data privacy principles established in the EU Directive on Data Protection as well as other applicable local privacy laws and regulations, and are actively working towards compliance with the EU General Data Protection Regulation by the May 2018 effective date. Our security controls and mechanisms are based on the ISO global security management standard and we conduct external security audits and independent security testing on a regular basis. This datasheet provides a summary of the security measures implemented throughout the organization to provide full transparency and peace of mind for customers that their personal data and information are in good hands.

Privacy Audits and Compliance

Lithium was previously part of the US-EU and US-Swiss Safe Harbor privacy frameworks. In October 2015, when the US-EU Safe Harbor framework was invalidated by the European Court of Justice (CJEU), Lithium chose to comply with the requirements of the EC Standard Contractual Clauses (sometimes called "EC Model Clauses") and to enter into signed EC Model Clauses with its customers upon request. Subsequently, in July of 2016, when the US and EU adopted the new Privacy Shield framework as a replacement for the invalidated Safe Harbor, Lithium, after careful consideration, decided to continue its compliance with the EC Model Clauses instead. The EC Model Clauses contain specific security and privacy terms acknowledged by EU authorities and provide the legal basis to allow Lithium to process EU personal data in the US as part of our services to our EU customer base. Although Lithium hosts its EU customers' communities and content primarily in the EU, some EU data does make its way into the US for support purposes, for spam filtering, video storage, log file analysis, and other similar ancillary services.
A listing of data locations and Lithium's subprocessors can be found at

Lithium also participates in the TRUSTe Privacy Program, which is designed to help businesses implement strong privacy management practices consistent with a wide range of global regulations and industry standards. Verify Lithium's TRUSTe Privacy Seal here:

2017 Lithium Technologies, Inc. All Rights Reserved. Proprietary Information
Security Testing, Audits and Compliance

At Lithium, we believe in raising the bar when it comes to security audits and compliance. We conduct various internal and external assessments on a regular basis including:

- Annual internal security audits,
- Annual independent SSAE 16 SOC 2 audits,
- Annual ISO security assessment and certification,
- Annual static code analysis,
- Monthly automated web application security penetration testing,
- Annual independent security penetration testing, and
- Monthly security vulnerability scanning.

Annual SSAE 16 SOC 2 Audits

The SSAE 16 auditing standard is the successor to the SAS 70 auditing standard and updates the US service organization reporting standard in line with the international service organization reporting standard ISAE. Lithium conducts annual SSAE 16 SOC 2 audits using independent external auditors and has conducted this rigorous assessment for the past seven (7) consecutive years. Customers and prospects under NDA can obtain a full copy of the latest SOC 2 Type 2 report by contacting security [at] lithium [dot] com.

ISO Certification

Lithium is ISO 27001:2013 certified, which is a global standard based on information security controls and management best practices. This venerable certification provides an assurance that Lithium has achieved full maturity in information security management practices according to the specifications of a world class security management standard. Certifying to the ISO 27001 standard involves a rigorous three-stage assessment conducted by independent auditors. Subsequent annual onsite audits are required to maintain the certification. Click this link to verify Lithium's ISO certification status:

Security Penetration Testing

In addition to the industry compliance assessments referenced above, Lithium conducts annual internal security audits, annual independent security penetration testing, security code reviews, security vulnerability scanning, and continuous automated and manual web application security penetration testing. Lithium welcomes responsible security testing by our customers. Numerous customers perform independent security audits and testing of their implementations at least annually. Since Lithium operates a shared multi-tenant SaaS environment, we limit all security testing to our staging or non-production environments. Lithium's Security Testing and Reporting Policy is available on our website at

Hosting in Europe

Lithium is committed to its European customers and has made significant investments in the region. Our European customers are hosted in the Netherlands using an industry-leading colocation provider, Equinix, and our Amazon AWS hosting region in Amsterdam (EU West). Both providers, Equinix and AWS, operate mission-critical Tier 3+ facilities and conduct separate annual SSAE 16 SOC 2 and ISO assessments using independent auditors. While Equinix provides the colocation space, physical security and access to telecommunications resources, Lithium owns and manages the entire services infrastructure. In AWS we use strong AES encryption to store customer data and have signed EC Model Clauses with AWS.

Physical Security

Lithium communities are hosted in independently audited and certified secure datacenters.
The security measures permeate throughout the facility, including but not limited to a CCTV monitoring system, digital video recorders, man traps, biometric identification, mandatory visitor check-ins, a 24x7x365 front desk, and security guards around the clock. Datacenters are also equipped with fire, water, and heat detection and protection systems as well as redundant UPS and diesel generators for uninterrupted high availability operation of mission critical systems. All systems undergo regular maintenance and are tested by the vendors every ninety days for proper operation and safety.

Access Security

Access to the Equinix colocation space is restricted to authorized staff and trusted local European vendors for remote-hands system management only and is reviewed on a regular basis. Multiple forms of authentication are required to access the facility, such as a valid picture ID, a secret PIN code, and biometric identification (hand or palm geometry scan). Physical access to AWS facilities is restricted to authorized AWS personnel only. Logical access to the live customer environment can only be established via a secure encrypted session and is restricted to authorized staff only. All administrative access is continuously logged and audited on a regular basis.

Personal Data Storage and Protection

Lithium products are designed to promote collaboration and social engagement, which requires some personal information to be collected to allow for a safe, responsible, yet friendly environment for end users. The collection of any personal information on our communities reflects first and foremost the core principles of privacy such as choice, notice, proper disclosure, responsible collection and usage of personal data, accountability, and security. There are only three pieces of required information to register and log in to a community: a username, a password, and a working address. There may be other pieces of information, such as a first name, a last name, location data, or a custom avatar, that users may share and disclose at their personal option and choice. For our Reach and Response product we mainly require the end users' social media handles, such as a Twitter handle or a Facebook account, to be able to interact with them from our platform. For more information about our privacy practices please visit our Privacy Policy at

All personal user information, with some exceptions (such as the avatar), is securely stored on servers using strong AES 128-bit encryption, minimum. The user passwords are stored using a strong cryptographic one-way SHA 512-bit hash with unique salts. The one-way nature of the SHA 512-bit hash and unique salt ensures that no one, including Lithium, will ever know the actual user password other than the user herself.
Additional Security Controls

Proactive Monitoring

Lithium monitors all its customer implementations and critical infrastructure on a 24x7x365 basis. An alert system is tied to each of the site's health statistics as well as all major parts of the hosting infrastructure. All major services such as DNS, firewalls, servers, and Internet connectivity are actively monitored. Alerts are also set up to monitor security-related events and detect security violations from the Intrusion Detection System. Security auditing is enabled on host systems and logs are sent to a secure log collection system for retention and safe keeping. In addition to proactive alerts, security logs are monitored regularly and audited on a monthly basis.

Application Security

Lithium has deployed a secure software development lifecycle process (Secure SDLC) to ensure that security is tightly integrated within our products. We conduct regular security design reviews and conduct security QA testing before each release cycle. A rigorous set of manual and automated security tests is conducted for each release cycle, typically several times a month, in addition to security code reviews and web application penetration testing before releasing it to the customers.
The application also has several layers of security to address common web application security flaws and attacks, some of which include:

- An extensive input and output validation layer checks and validates for proper and expected input and output to protect against cross-site scripting and script injection attacks. All user-provided content, such as the URI, query string parameters, form submissions, cookies, etc., is validated through this framework before the underlying application layers are allowed to handle the request. All non-validated input is either escaped or rejected as necessary.
- The application has a robust permissioning system which allows granular control over user, role, and group level access. In communities, permissions and roles can be applied at the global community level, on categories, boards, and individual users. In Reach and Response, agent, supervisor, and admin roles are defined. The fine granularity of the permissions ensures that users can be granted the specific access they need without having to grant them excessive rights. All unauthorized access attempts are logged in the audit logs.
- For communities, user generated content (UGC) is also checked and validated using an intelligent HTML parser. Administrators can specify which HTML tags are allowed, including tag attributes and sub-tags. This intelligent parsing protects against many forms of attacks such as cross-site scripting and script injection. By providing such extensive HTML parsing capability we can allow users to safely use HTML tags for rich and lively content creation without forcing them to learn a custom or proprietary markup language.
- Sensitive features and form submissions are protected with secure and time sensitive CSRF tickets to protect against cross-site request forgery attacks. The ticketing system is completely transparent to the user and helps protect against cross-site request forgery attacks that can originate from external content outside of Lithium's control.
- Logging is enabled to record key information about the system and user requests such as the request timestamp, URL or action, agent or browser type, and source IP address. In case of a security breach, Lithium can review these logs to identify exactly how and when the breach took place as well as any actions and damage that the intruder may have inflicted.

In addition to the Secure SDLC process and the web application security mechanisms described above, Lithium conducts annual independent security penetration testing. We also conduct our own internal web application security penetration testing and security code reviews on a regular basis to test against common web application security vulnerabilities such as the OWASP Top 10 list.
Infrastructure Security

Lithium is ISO certified, which signifies that our security controls and mechanisms are modeled after a globally accepted standard based on security best practices such as:

- Redundant multi-tier firewalls allow relevant ports only, such as port 80 (HTTP) and port 443 (HTTPS);
- Front-end application and web servers are isolated from utility services such as DNS and SMTP;
- Database servers are in a separate segment from the front-end servers;
- No direct access from the Internet is allowed to the database servers;
- Intrusion Detection Systems are deployed to monitor unauthorized access or detect malicious traffic;
- Regular security vulnerability scanning, on a monthly basis at minimum.

System-level security conforms to the same high standard of security best practices such as:

- Only necessary services and software are installed;
- Servers are regularly updated with the latest security patches;
- All management traffic to the servers is encrypted;
- Administrative access to servers is restricted to authorized staff and must occur over a secure encrypted session. All administrative access is logged and monitored;
- Security auditing is turned on and logs are sent to a secure log collection system.

Database encryption

All customer production databases are considered sensitive customer data that might contain personal information or password hashes. Access to that data is restricted and protected using a broad set of security controls including, but not limited to, encryption at rest (covered in ISO and SOC 2 annual audits). Currently, the following data is stored encrypted at rest (minimum AES 128-bit):

- Communities: user profile table, and specifically user addresses and password hashes. Starting in release 17.5 we also have the capability to encrypt messages.
- Social Intelligence: same as above.
- Social Response in AWS: encrypted AWS volumes (AES 256-bit).

Denial-of-Service (DDoS) Attack Defense
Lithium's platform is highly scalable and we can quickly scale vertically and horizontally to handle sudden traffic spikes. Most attempts to DDoS our application are easily defeated since we can handle very large amounts of traffic without any major performance issues. We also have continuous monitoring of all production sites, and any deviation from baseline latency or pageviews/requests is quickly investigated. However, in the small number of cases when large capacity and scale are not enough, we have strong measures in place to combat this type of issue, for instance:

- At the application layer we have resource pools to monitor access to resources and apply throttling dynamically per IP and per session when certain thresholds are hit. We can also tweak these pools on demand.
- We also use a CDN provider which provides caching on most static assets and reduces latency and load on the app.
- We also have network-level DDoS protection features on our core network devices.
- Last but not least, we also use a reputable DDoS attack mitigation service provider for combating large scale DDoS attacks.

All of these measures are typically used in combination to handle any kind of attack scenario.

Vulnerability Management

Apart from security hardening and installing security patches during the controlled build process, Lithium has adopted a standards-based approach to vulnerability lifecycle management following these four key steps: Acquire, Assess, Manage, and Report.

Acquire - during the Acquire phase, we collect relevant security information via subscriptions to various security outlets such as US-CERT, SANS, BugTraq, as well as direct mailing lists and notifications from vendors such as Microsoft. There might be other events and processes that feed into the Acquire phase, such as security incidents, security alerts, and security scan reports.

Assess - during the Assess phase, the acquired vulnerability information is assessed for relevance and criticality based on pre-established criteria. Critical and High risk severity items are classified as P1 and mitigation is rolled out on an urgent basis. Other categories are prioritized based on the likelihood and impact of a given vulnerability.

Manage - during the Manage phase, we acquire the patch and deploy it using appropriate tools to the target systems. The patches are tested in the QA environment before they are rolled out to the production environment. Standard patches are installed during normal maintenance windows on a published schedule.

Report - during the Report phase, the systems are assessed using manual and automated tools to report on the status of security patches. Any missing patches and updates are processed using the vulnerability management lifecycle process.

Incident Response

Lithium's incident response process conforms to ISO security best practices. It involves the following phases: Detection, Validation, Response, and Recovery.
Detection - the Detection phase involves monitoring of systems, security alerts, security log reviews, vulnerability scanning, and penetration testing to detect information security incidents.

Validation - the Validation phase involves analysis and prioritization of detected security incidents.

Response - the Response phase includes proportionate response based on the prioritization. This phase may include one or more steps such as containment, evidence collection, and eradication.

Recovery - the last step in the process involves recovery and lessons learned.

The incident response process is thoroughly documented and exercised at least once a year. Lithium also has provisions for customer notifications in case of a breach involving customer or personal data.

Data Handling, Redundancy, Backup, and Disaster Recovery

The hosting infrastructure at Lithium is designed with multiple redundancies for maximum uptime. Secure datacenters have UPS and generator backup systems for power and diverse entry points for key utilities and communication facilities. Multiple high-speed Internet Service Providers provide fast Internet connectivity, using BGP for redundancy and automatic failover. Critical systems are set up in a redundant manner to eliminate single points of failure. This includes redundant servers, load balancers, firewalls, switches, and routers. Servers are deployed with redundant power supplies, redundant network cards, and redundant disk storage.

At the database layer, data replication is set up from master database servers to slave database servers in real-time. We also take regular snapshots throughout the day. Regular backups are made daily and weekly and stored offsite in a secure location for safety. The backups are encrypted using AES 256-bit encryption. Backup restore testing is conducted on an annual basis. Lithium's Disaster Recovery Plan is updated at least annually and tested on an annual basis.

There is no default retention on live customer data. As long as they are a customer we will keep all of their data intact, subject to reasonable processing requests made by the customer. Log files are retained for at least one (1) year. Log data over a year old can be automatically dropped from storage. Once the contract is over we turn the information over to the customer in an XML format via our secure SFTP servers. The information on the SFTP servers remains intact for 30 days, after which time it is securely deleted. The active databases are also dropped from the production servers after the XML dump is transferred to the customer. Retired media used for storage is scrubbed or destroyed using NIST SP guidelines.
Contact

For Privacy related requests please email privacy [at] lithium [dot] com. Please consider using a secure communication method such as PGP or S/MIME for sharing sensitive information. Lithium's Privacy Policy is located at

For Security related requests please email security [at] lithium [dot] com. Please consider using a secure communication method such as PGP or S/MIME for sharing sensitive information. Please be sure to read and adhere to our Security Testing and Reporting Policy located at

Please visit our security page above to obtain a copy of our PGP key for secure communications.

For all other inquiries please open a support case by visiting our online Support Portal at and clicking on the Support tab. For sales related and general inquiries please contact your designated Account Manager or visit our website at and click on the Contact tab.

About Lithium

Lithium Technologies helps leading companies use social media to engage customers and drive business results. We create vibrant social communities across websites, Facebook, and the broader social web that increase sales, reduce service costs, and accelerate innovation. The world's most innovative companies such as AT&T, Best Buy, Sephora, and HP use Lithium to engage their customers in breathtaking new ways. They're increasing revenue, reducing expenses, and strengthening their brands. And most importantly, they're building a lasting competitive asset: a brand nation with their customers.
RMS(one) Solutions PROGRESSIVE SECURITY FOR MISSION CRITICAL SOLUTIONS RMS REPORT PAGE 1 Confidentiality Notice Recipients of this documentation and materials contained herein are subject to the restrictions
More informationAutomate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds
EXECUTIVE BRIEF SHAREBASE BY HYLAND Automate sharing. Empower users. Retain control. With ShareBase by Hyland, empower users with enterprise file sync and share (EFSS) technology and retain control over
More informationMigrationWiz Security Overview
MigrationWiz Security Overview Table of Contents Introduction... 2 Overview... 2 Shared Security Approach... 2 Customer Best Practices... 2 Application Security... 4 Data Security and Handling... 4 Database
More informationVendor Security Questionnaire
Business Associate Vendor Name Vendor URL Vendor Contact Address Vendor Contact Email Address Vendor Contact Phone Number What type of Service do You Provide Covenant Health? How is Protected Health Information
More informationSecurity Principles for Stratos. Part no. 667/UE/31701/004
Mobility and Logistics, Traffic Solutions Security Principles for Stratos Part no. THIS DOCUMENT IS ELECTRONICALLY APPROVED AND HELD IN THE SIEMENS DOCUMENT CONTROL TOOL. All PAPER COPIES ARE DEEMED UNCONTROLLED
More informationCompleting your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT
Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT Introduction Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) cloud offerings for organizations. Using AWS,
More informationSolution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites
Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC
More informationA company built on security
Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for
More informationData Security & Operating Environment
Data Security & Operating Environment Version 1.0, Summer 2018 Last updated: June 21, 2018 https://www.kintone.com/contact/ Contents 1. Service Level Objective (SLO)... 1 2. Availability and Reliability...
More informationSDL Privacy Policy Cloud Services
SDL Privacy Policy Cloud Services Software-As-A-Service Products Version 11-04-2017 v1.4 SDL plc Globe House Clivemont Road, Maidenhead SL6 7DY England www.sdl.com SDL Tridion Infrastructure Summary This
More informationGeneral Data Protection Regulation
General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More information2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.
Diageo Third Party Hosting Standard 1. Purpose This document is for technical staff involved in the provision of externally hosted solutions for Diageo. This document defines the requirements that third
More informationFormFire Application and IT Security
FormFire Application and IT Security White Paper Last Update: 2015-03- 04 Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 4 Infrastructure and Security Team...
More informationTrust Services Principles and Criteria
Trust Services Principles and Criteria Security Principle and Criteria The security principle refers to the protection of the system from unauthorized access, both logical and physical. Limiting access
More informationFor Australia January 2018
For Australia January 2018 www.sysaid.com SysAid Cloud Architecture Including Security and Disaster Recovery Plan 2 This document covers three aspects of SysAid Cloud: Datacenters Network, Hardware, and
More informationOUR SECURITY POLICY & GDPR
OUR SECURITY POLICY & GDPR We take security of your Web based Expense Management system very seriously: Web based Expenses, Hosted Expenses, On-line Expense, Cloud Computing, Software as a Service and
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure.
Security In today s world, the requirement to focus on building secure solutions and infrastructure has become an important part of the value that businesses deliver to customers and resellers. This document
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationMagento Commerce Architecture and Security Model Last updated: Aug 2017
Magento Commerce Architecture and Security Model Last updated: Aug 2017 Architecture The Magento Commerce architecture is designed to provide a highly secure environment. Each customer is deployed into
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationSECURITY STRATEGY & POLICIES. Understanding How Swift Digital Protects Your Data
SECURITY STRATEGY & POLICIES Understanding How Swift Digital Protects Your Data Table of Contents Introduction 1 Security Infrastructure 2 Security Strategy and Policies 2 Operational Security 3 Threat
More informationData Processing Amendment to Google Apps Enterprise Agreement
Data Processing Amendment to Google Apps Enterprise Agreement The Customer agreeing to these terms ( Customer ) and Google Inc., Google Ireland, or Google Asia Pacific Pte. Ltd. (as applicable, Google
More informationTotal Security Management PCI DSS Compliance Guide
Total Security Management PCI DSS Guide The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations to help protect the security of credit card holders. These regulations apply to
More informationSurprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS
Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is
More informationCTS performs nightly backups of the Church360 production databases and retains these backups for one month.
Church360 is a cloud-based application software suite from Concordia Technology Solutions (CTS) that is used by churches of all sizes to manage their membership data, website, and financial information.
More informationIntegrated Cloud Environment Security White Paper
Integrated Cloud Environment Security White Paper 2012-2016 Ricoh Americas Corporation R i c o h A m e r i c a s C o r p o r a t i o n R i c o h A m e r i c a s C o r p o r a t i o n It is the reader's
More informationCisco Meraki Privacy and Security Practices. List of Technical and Organizational Measures
Cisco Meraki Privacy and Security Practices List of Technical and Organizational Measures Introduction Meraki takes a systematic approach to data protection, privacy, and security. We believe a robust
More informationBLACKLINE PLATFORM INTEGRITY
BLACKLINE PLATFORM INTEGRITY Security, Availability, and Disaster Recovery Your Trusted Partner for Financial Corporate Performance Management BlackLine is a leading provider of cloud software that automates
More informationWatson Developer Cloud Security Overview
Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for
More informationpeace of mind kit FAQ s Q: Is AccuPay bonded?
peace of mind kit At AccuPay, we take the trust you have placed in us very seriously. We understand that you depend on us to produce accurate payrolls as well as accurate tax returns and payments. With
More informationDocument Sub Title. Yotpo. Technical Overview 07/18/ Yotpo
Document Sub Title Yotpo Technical Overview 07/18/2016 2015 Yotpo Contents Introduction... 3 Yotpo Architecture... 4 Yotpo Back Office (or B2B)... 4 Yotpo On-Site Presence... 4 Technologies... 5 Real-Time
More informationSecurity Guide SAP Supplier InfoNet
SAP Supplier InfoNet Table of Contents 1 About this document....3 2 Network and communication security....4 2.1 Network security....4 2.2 Communication channel security....4 2.3 Network resource security....4
More informationPOLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents
POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND October 2005 Table of Contents Introduction... 1 Purpose Of This Policy... 1 Responsibility... 1 General Policy... 2 Data Classification Policy...
More informationIT Attestation in the Cloud Era
IT Attestation in the Cloud Era The need for increased assurance over outsourced operations/ controls April 2013 Symeon Kalamatianos M.Sc., CISA, CISM Senior Manager, IT Risk Consulting Contents Introduction
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More information7.16 INFORMATION TECHNOLOGY SECURITY
7.16 INFORMATION TECHNOLOGY SECURITY The superintendent shall be responsible for ensuring the district has the necessary components in place to meet the district s needs and the state s requirements for
More informationDeep Freeze Cloud. Architecture and Security Overview
Deep Freeze Cloud Architecture and Security Overview 2018 Faronics Corporation or its affiliates. All rights reserved. NOTICE: This document is provided for informational purposes only. It represents Faronics
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationSecure Messaging Mobile App Privacy Policy. Privacy Policy Highlights
Secure Messaging Mobile App Privacy Policy Privacy Policy Highlights For ease of review, Everbridge provides these Privacy Policy highlights, which cover certain aspects of our Privacy Policy. Please review
More informationInformation Security Policy
Information Security Policy Information Security is a top priority for Ardoq, and we also rely on the security policies and follow the best practices set forth by AWS. Procedures will continuously be updated
More informationSoftLayer Security and Compliance:
SoftLayer Security and Compliance: How security and compliance are implemented and managed Introduction Cloud computing generally gets a bad rap when security is discussed. However, most major cloud providers
More informationOnline Services Security v2.1
Online Services Security v2.1 Contents 1 Introduction... 2 2... 2 2.1... 2 2.2... 2 2.3... 3 3... 4 3.1... 4 3.2... 5 3.3... 6 4... 7 4.1... 7 4.2... 7 4.3... 7 4.4... 7 4.5... 8 4.6... 8 1 Introduction
More informationWhat can the OnBase Cloud do for you? lbmctech.com
What can the OnBase Cloud do for you? lbmctech.com The OnBase Cloud by Hyland When it comes to cloud deployments, experience matters. With experience comes more functionality, long tracks of outstanding
More informationTitle: Planning AWS Platform Security Assessment?
Title: Planning AWS Platform Security Assessment? Name: Rajib Das IOU: Cyber Security Practices TCS Emp ID: 231462 Introduction Now-a-days most of the customers are working in AWS platform or planning
More informationIBM Security Intelligence on Cloud
Service Description IBM Security Intelligence on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means and includes the company, its authorized users or recipients
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More informationSecurity. ITM Platform
Security ITM Platform Contents Contents... 0 1. SaaS and On-Demand Environments... 1 1.1. ITM Platform configuration modes... 1 1.2. Server... 1 1.3. Application and Database... 2 1.4. Domain... 3 1.5.
More informationUnleash the Power of Secure, Real-Time Collaboration
White Paper Unleash the Power of Secure, Real-Time Collaboration This paper includes security information for Cisco WebEx Meeting Center, Cisco WebEx Training Center, Cisco WebEx Support Center and Cisco
More informationGRANDSTREAM PRIVACY STATEMENT
GRANDSTREAM PRIVACY STATEMENT This Privacy Statement governs how Grandstream Networks, Inc. and its affiliates ( Grandstream, us, our or we ) may collect, use, and disclose information that we obtain through
More informationGDPR Update and ENISA guidelines
GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More information