Information Security at Veritext Protecting Your Data

Similar documents
AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Layer Security White Paper

SECURITY AND DATA REDUNDANCY. A White Paper

University of Pittsburgh Security Assessment Questionnaire (v1.7)

You Might Know Us As. Copyright 2016 TierPoint, LLC. All rights reserved.

Online Services Security v2.1

System Security Features

Security and Compliance at Mavenlink

SECURITY & PRIVACY DOCUMENTATION

Security Overview. Technical Whitepaper. Secure by design. End to end security. N-tier Application Architecture. Data encryption. User authentication

A company built on security

1 Data Center Requirements

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

KantanMT.com. Security & Infra-Structure Overview

Google Cloud & the General Data Protection Regulation (GDPR)

Integrated Cloud Environment Security White Paper

WHITEPAPER. Security overview. podio.com

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

The Common Controls Framework BY ADOBE

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

Projectplace: A Secure Project Collaboration Solution

Awareness Technologies Systems Security. PHONE: (888)

Keys to a more secure data environment

Checklist: Credit Union Information Security and Privacy Policies

Internet of Things Toolkit for Small and Medium Businesses

Security Principles for Stratos. Part no. 667/UE/31701/004

HIPAA / HITECH Overview of Capabilities and Protected Health Information

Twilio cloud communications SECURITY

Juniper Vendor Security Requirements

LBI Public Information. Please consider the impact to the environment before printing this.

RADIAN6 SECURITY, PRIVACY, AND ARCHITECTURE

Cisco Meraki Privacy and Security Practices. List of Technical and Organizational Measures

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Vendor Security Questionnaire

WORKSHARE SECURITY OVERVIEW

Custom hosting solutions orchastrated for your needs.

AppPulse Point of Presence (POP)

Security Architecture

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

The simplified guide to. HIPAA compliance

Watson Developer Cloud Security Overview

Morningstar ByAllAccounts Service Security & Privacy Overview

The Nasuni Security Model

What can the OnBase Cloud do for you? lbmctech.com

TB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Paperspace. Security Primer & Architecture Overview. Business Whitepaper. 20 Jay St. Suite 312 Brooklyn, NY 11201

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

QuickBooks Online Security White Paper July 2017

Cloud-Based Data Security

Security & Privacy Guide

Security Information & Policies

IT Attestation in the Cloud Era

Custom cloud hosting for your Sitecore Experience Platform.

Cloud Computing Lectures. Cloud Security

IBM SmartCloud Notes Security

Xerox Audio Documents App

Dooblo SurveyToGo: Security Overview

Altius IT Policy Collection

The following security and privacy-related audits and certifications are applicable to the Lime Services:

IT your way - Hybrid IT FAQs

Unleash the Power of Secure, Real-Time Collaboration

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

QUIACLE TECHNOLOGY SOLUTIONS, INC. CLOUD SERVICES MANAGED SECURITY SERVICES

MEETING ISO STANDARDS

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Effective Strategies for Managing Cybersecurity Risks

Compliance and Security in a Cloud-First Era

BeOn Security Cybersecurity for Critical Communications Systems

SECURITY STRATEGY & POLICIES. Understanding How Swift Digital Protects Your Data

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

Google Cloud Platform: Customer Responsibility Matrix. December 2018

Information Security in Corporation

Recommendations for Implementing an Information Security Framework for Life Science Organizations

01.0 Policy Responsibilities and Oversight

Maintain Data Control and Work Productivity

Data Security and Privacy Principles IBM Cloud Services

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Verasys Enterprise Security and IT Guide

TRACKVIA SECURITY OVERVIEW

Google Cloud Platform: Customer Responsibility Matrix. April 2017

SDL Privacy Policy Cloud Services

Cyber Criminal Methods & Prevention Techniques. By

Total Security Management PCI DSS Compliance Guide

RMS(one) Solutions PROGRESSIVE SECURITY FOR MISSION CRITICAL SOLUTIONS

MYOB Advanced SaaS. Why choose MYOB Advanced? Fact Sheet. What is MYOB Advanced SaaS?

PCI DSS Compliance. White Paper Parallels Remote Application Server

WHITE PAPER. Title. Managed Services for SAS Technology

Managing SaaS risks for cloud customers

Information Technology General Control Review

IBM Security Intelligence on Cloud

Curatrix. How can Curatrix Communications help your business? Communications. Connecting your Business

Inventory and Reporting Security Q&A

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Network Security Policy

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Transcription:

Information Security at Veritext Protecting Your Data

The Veritext Security Model Introduction Information security and privacy are built into the fabric of everything we do at Veritext. Helping to protect the confidentiality and integrity of client data is a core part of our mission. Veritext has made significant investments in security-related systems, services and processes and will continue to invest in maintaining a strong security posture as our clients requirements continue to develop. This document provides an overview of the systems controls and security practices which are compliant with HIPAA and PII standards, as well as the latest in security best practices. The Veritext Security Model On a systems level, data security at Veritext is implemented at the infrastructure layer, as well as within each of the specific products that Veritext offers. Surrounding the technical infrastructure and products are the processes and procedures that ensure that the products and services are delivered in a way that ensures information security and privacy. These processes and procedures are embedded in the company confidentiality policy and procedures. In the infrastructure layer, data is stored and moved through the computing and storage systems. Here, our systems utilize strong data encryption to protect against access to the data without authenticated, auditable privileges. CONFIDENTIALITY POLICY & PROCEDURES THE LAWSTUDIO SECURITY MODEL Access Control PRODUCT LAYER Rights Monitoring HIPAA, PII SSAE-16 Compliant In the product layer, data is processed and presented to authorized individuals based on privileges determined by the client. Both of these system layers are supported by our confidentiality policy, which prescribes our practices designed to ensure protection of client data in the course of developing, maintaining and delivering our products and sevices. All Veritext employees are trained and managed on this policy. The schematic below illustrates this model, and the following sections provide more detail on the security layers and the policy around them. TECHNICAL INFRASTRUCTURE LAYER Computing Network Storage Facilities Information Security at Veritext Protecting Your Data 2

Security within the Infrastructure Layer Security within the Infrastructure Layer In the infrastructure layer, security is built into the ways computing devices (i.e., servers) are accessed and protected, how the network allows communication between devices and how it transmits data, how storage systems protect transient and permanent data as it is stored, and how all of the physical computing, network and storage devices are protected within the facilities in which they are hosted. Veritext utilizes a Tier-4 SSAE 16 SOC 2 certified data center, as well as Amazon AWS hosting services, which maintains ISO27001, SOC, PCI and several other international standards. The following implementation of the security policy is maintained throughout the infrastructure layer. Computing security is implemented via best practices for operating system configuration. All computing devices are configured for access only by authorized, auditable administration staff operating under, and abiding by, the Veritext Confidentiality Policy. All servers are protected by the latest virus and malware protection and maintained at the most recent viable security patch level. Client data is not stored at the compute layer, and all data is managed in protected storage subsystems. Network security is implemented via best practices for external and internal network controls. Within the internal computer and storage network, only identified hosts and application ports are permitted to traverse the network as configured in firewalls and virtual hosting configurations. External client and agent access is always carried via the secure socket layer (i.e., HTTPS) protocol. Storage security is implemented for all sensitive client files via strong encryption, with access control implemented within the application layer (See Access Control ). Data is encrypted at rest using the AES-256 bit encryption standard. Facilities security is assured in Veritext s internal hosting environment via a controlled access dedicated cage in a CenturyLink Tier IV, SSAE16 SOC 2 compliant data center. Subsystems that are hosted in the Amazon Web Services cloud environment are equally protected via Amazon s strong facilities controls. More information on Amazon s facilities controls can be found here: http://aws.amazon.com/ security. Information Security at Veritext Protecting Your Data 3

Security within the Product Layer Security within the Product Layer In the application layer, security is built into the ways access to data by a client is controlled, the ways that clients can manage rights to different sets of data, and how access to the application and systems is monitored. Access Control within Veritext products and systems is implemented both for clients accessing the system, as well as across subsystems. User login is required in order to obtain access to product functions and content, and user credentials are protected from unauthorized access at all times. Rights Management within Veritext products and systems ensures that access to content and resources is granted on a least privileged basis, meaning that access is granted only to resources required for the work function. Close Monitoring of Veritext products and systems ensures that controls and policies are effective and that new and emerging threats do not compromise data security and integrity. Active monitoring includes the use of systems and network tools that alert Veritext staff to unexpected conditions in systems access and utilization as well as systems and subsystem faults that may indicate an underlying problem. In addition, access audit logging ensures that potential unauthorized access can be quickly assessed and resolved. Information Security at Veritext Protecting Your Data 4

Veritext Confidentiality Policy & Procedure Veritext Confidentiality Policy & Procedure Underpinning the design, implementation and support for MyVeritext is the Veritext Confidentiality Policy. The policy delineates responsibilities around information privacy and security for all employees, as well as general and security-specific management roles. While the policy itself is an internal policy document, the specific scope of the policy includes: General information security controls, including: Employee comportment and identification Security management protocols, including: Computer encryption and strong mobile device content management Network security, including firewall, Web filtering, virus and malware defense Procedures to report, assess and track resolution of potential data privacy issues Regular audits for policy compliance Acceptable use of computer systems and confidential treatment of client and company data Assurance of physical security at all Veritext operational locations Information Security at Veritext Protecting Your Data 5

Protection of Data Integrity & Availability Protection of Data Integrity & Availability Veritext ensures that client data is not only secured for access only to client-authorized individuals, but also works hard to ensure that it is always available for client access. There are two aspects of data integrity and availability assurance: The first is high-availability infrastructure, and the second is a sound recovery posture. For high-availability infrastructure, all client data is stored on resilient, high-performance storage array within hardened Tier IV hosting centers (See Facilities in Infrastructure Layer ). High availability is achieved through redundant components (i.e., disk drives, controllers) to ensure that data is not lost even if specific components in the storage subsystem fail. As a safety net in assuring data availability, database backups are performed to capture all changes. This data is backed up to tape nightly and stored offsite. Data stored within Amazon s infrastructure is highly redundant and backed by a 99.99% availability SLA. Amazon s infrastructure is backed by a 99.99 % availability SLA Additional Questions? For any additional information or questions about any of Veritext s security practices, please contact your Veritext account or client services representative. Information Security at Veritext Protecting Your Data 6

About Us About Veritext Legal Solutions Veritext provides superior court reporting and litigation services to the legal industry with a proven track record of industry excellence. Veritext is the established leader in technology-driven deposition and litigation support services for law firms and corporations. www.veritext.com Headquarters 290 West Mount Pleasant Avenue Suite 3200 Livingston, NJ 07039 Tel: 800.567.8658 Information Security at Veritext Protecting Your Data Veritext Legal Solutions

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback