Cisco Meraki Privacy and Security Practices. List of Technical and Organizational Measures

Similar documents
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Juniper Vendor Security Requirements

Awareness Technologies Systems Security. PHONE: (888)

Morningstar ByAllAccounts Service Security & Privacy Overview

KantanMT.com. Security & Infra-Structure Overview

Projectplace: A Secure Project Collaboration Solution

CTS performs nightly backups of the Church360 production databases and retains these backups for one month.

Data Center Operations Guide

Integrated Cloud Environment Security White Paper

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

SECURITY STRATEGY & POLICIES. Understanding How Swift Digital Protects Your Data

Data Security and Privacy Principles IBM Cloud Services

BLACKLINE PLATFORM INTEGRITY

FormFire Application and IT Security

Vendor Security Questionnaire

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

Security Information & Policies

InterCall Virtual Environments and Webcasting

The Common Controls Framework BY ADOBE

Layer Security White Paper

Google Cloud & the General Data Protection Regulation (GDPR)

Daxko s PCI DSS Responsibilities

emarketeer Information Security Policy

Secure Industrial Automation Remote Access Connectivity. Using ewon and Talk2M Pro solutions

Watson Developer Cloud Security Overview

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

You Might Know Us As. Copyright 2016 TierPoint, LLC. All rights reserved.

SECURITY & PRIVACY DOCUMENTATION

White Paper The simpro Cloud

W H IT E P A P E R. Salesforce Security for the IT Executive

Twilio cloud communications SECURITY

System Security Features

SoftLayer Security and Compliance:

VMware vcloud Air SOC 1 Control Matrix

Information Security at Veritext Protecting Your Data

IT your way - Hybrid IT FAQs

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

INFORMATION TECHNOLOGY POLICY

Smart Software Licensing tools and Smart Account Management Privacy DataSheet

Dude Solutions Business Continuity Overview

Keys to a more secure data environment

Automate sharing. Empower users. Retain control. Utilizes our purposebuilt cloud, not public shared clouds

There are also a range of security and redundancy systems designed to improve the speed, reliability, stability and security of the simpro Cloud.

Security and Compliance at Mavenlink

WHITE PAPER. Solutions OnDemand Hosting Overview

Paperspace. Security Primer & Architecture Overview. Business Whitepaper. 20 Jay St. Suite 312 Brooklyn, NY 11201

AWS alignment with Motion Picture of America Association (MPAA) Content Security Best Practices Application in the Cloud

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

TRACKVIA SECURITY OVERVIEW

CAMPUSPRESS TECHNICAL & SECURITY GUIDE

Security Model Overview. WHITE PAPER July 2012

PHRED Security Information

IBM SmartCloud Notes Security

Oracle Data Cloud ( ODC ) Inbound Security Policies

ZyLAB delivers a SaaS solution through its partner data center provided by Interoute and through Microsoft Azure.

1 Data Center Requirements

Security Architecture

Security & Privacy Guide

Data Processing Amendment to Google Apps Enterprise Agreement

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Online Services Security v2.1

Atmosphere Fax Network Architecture Whitepaper

Infrastructure Security Overview

Table of Contents. Page 1 of 6 (Last updated 27 April 2017)

enalyzer enalyzer security

Security Fundamentals for your Privileged Account Security Deployment

Windows Server Security Best Practices

CONSIDERATIONS BEFORE MOVING TO THE CLOUD

MigrationWiz Security Overview

Total Security Management PCI DSS Compliance Guide

BEYOND CJIS: ENHANCED SECURITY, NOT JUST COMPLIANCE

BUSINESS CONTINUITY PLAN Document Number: 100-P-01 v1.4

SECURITY PRACTICES OVERVIEW

MYOB Advanced SaaS. Why choose MYOB Advanced? Fact Sheet. What is MYOB Advanced SaaS?

AWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services

What can the OnBase Cloud do for you? lbmctech.com

A company built on security

IBM Case Manager on Cloud

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

Kerio Cloud. Adam Bielawski. Cloud Hosted Enterprise-Class , Calendars, Contacts, Tasks, and Instant Messaging. Twitter LinkedIn Facebook

Inventory and Reporting Security Q&A

01.0 Policy Responsibilities and Oversight

QuickBooks Online Security White Paper July 2017

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

SAS SOLUTIONS ONDEMAND

BeBanjo Infrastructure and Security Overview

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

IBM Security Intelligence on Cloud

For USA & Europe January 2018

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)

Security White Paper. Midaxo Platform Krutarth Vasavada

SI PORTAL ONBOARDING GUIDE

Introduction. Service and Support

Transcription:

Cisco Meraki Privacy and Security Practices List of Technical and Organizational Measures Introduction Meraki takes a systematic approach to data protection, privacy, and security. We believe a robust security and privacy program requires active involvement of stakeholders, ongoing education, internal and external assessments, and instillment of best practices within the organization. The Technical and Organizational Data Security Measures Meraki has implemented and maintains a security program that leverages the ISO/IEC 2700-series of control standards as its baseline. Physical Access and Admittance Control To deny unauthorized persons access to data processing systems in which Customer Data is processed. Secure account credentials including two- factor authentication. Account security protections (strong passwords, password expiration and rotation, maximum number of failed attempts, IP based login restrictions, etc.). Change management including change logs and change event alerting. 24x7 automated intrusion detection. A high security card key system and biometric readers are utilized to control facility access. All entries, exits, and cabinets are monitored by video surveillance. Security guards monitor all traffic into and out of the data centers 24x7, ensuring that entry processes are followed. Software development life cycle and change management / change control policy and processes. Product development secure coding guidelines and training policy and procedures. Access to Customer data restricted to personnel based on appropriate business need 415-432-1000 500 Terry A Francois Blvd, San Francisco, CA 94158 meraki.cisco.com

Access Control To prevent data processing systems from being used without authorization. Software development life cycle and change management / change control policy and processes. Access to Customer Data restricted to personnel based on appropriate business need Information security responsibilities for employees. Data control and access control policies and procedures. Data Access Control To ensure that persons authorized to use systems in which Customer Data is processed only have access to the Customer Data as they are entitled to in accordance with their access rights and authorizations, and to prevent the unauthorized reading, copying, modification or deletion of Customer Data. Access to Customer Data restricted to personnel based on appropriate business need Data Transfer Control To prevent the unauthorized reading, copying, modification or deletion of Customer Data which is under Meraki's control while Customer Data is being transferred electronically, transported or recorded on data storage devices, and to ensure that the intended recipients of Customer Data who are provided with Customer Data by means of data communication equipment can be established and verified. Encrypted communication between Meraki hardware devices and Meraki s servers (HTTPS / SSL), as well as between Meraki s servers. Logging of activity of administrators (time, IP, and approximate location (city, state) of logged in administrators). Account passwords stored in encrypted format on Meraki servers.

Input Control To ensure it is possible to establish an audit trail as to when and by whom Customer Data has been entered, modified, or removed from systems being used by (or on behalf of) Meraki to process Customer Data. Logging of activity of administrators (time, IP, and approximate location (city, state) of logged in administrators). Access to Customer data restricted to personnel based on appropriate business need Data control and access control policies and procedures. Customer s ability to block entirely Meraki s access to Customer s Hosted Software account and prevent Meraki from accessing Customer Data. Session timeouts. Order/Instruction Control To ensure that Customer Data processed by or on behalf of Meraki can only be processed in accordance with the Customer's instructions. Change management including change logs and change event alerting. Customer can entirely block Meraki s access to Customer s Hosted Software account thereby preventing Meraki from accessing Customer Data. Availability Control To ensure the protection of Customer Data which is under the control of Meraki against accidental destruction or loss. 99.99% uptime service level agreement. Customer network configuration data and statistical data replicated across independent data centers with no common point of failure. Real-time replication of data between datacenters (within 60 seconds). Nightly archival backups for customer configuration data and statistical data. 24x7 independent outage alert system with 3x redundancy.

Intended Use Control To ensure that Customer Data collected is only used for the intended purpose under the Agreement. Customer Data used exclusively to provide the features and functionality available in the hosted software. Customer Data is automatically processed according to the specific features enabled by the customer and as required to secure and maintain the infrastructure. Change management including change logs and change event alerting. Customer can entirely block Meraki s access to Customer s Hosted Software account thereby preventing Meraki from accessing Customer Data. Documentation Meraki keeps documentation of organizational and technical measures in case of audits. Meraki takes reasonable steps to ensure that its employees and other persons at Meraki physical locations are aware of and comply with the organizational and technical measures set forth in this document. Additional Measures Out-of-Band Architecture Only network configuration and usage statistics are stored in the cloud. Data stored or transmitted by means of Customer s network does not traverse Meraki s servers. Cloud Services Security Daily vulnerability testing of datacenter infrastructure. Protected via IP and port- based firewalls. Remote access restricted by IP address and verified by public key (RSA.) Systems are not accessible via password access. Administrators automatically alerted on configuration changes. Cloud Services Infrastructure Data centers are certified by industry-recognized standards such as ISO 9001:2008, ISO 27001, PCI DSS, SSAE16, and ISAE 3402 (SAS 70) including Type II. Configuration standards for all system components policy and procedures. 24x7 automated failure detection all servers are tested every five minutes from multiple locations.

Disaster Preparedness Data centers feature sophisticated sprinkler systems with interlocks to prevent accidental water discharge. Diesel generators provide backup power in the event of power loss. UPS systems condition power and ensure orderly shutdown in the event of a full power outage. Each data center has service from at least two top tier carriers. Seismic bracing is provided for the raised floor, cabinets, and support systems. In the event of a catastrophic datacenter failure, services failover to another geographically separate datacenter. Organization and Personnel Formal assignment of information security responsibilities by the Chief Information Security Officer (CISO) and the Meraki Security Team. A formal security awareness program. Documentation and business justification for use of all services, protocols and ports allowed. Management of service providers policy and procedures. Criminal background review of all Meraki personnel. Rapid escalation procedures across multiple operations teams. Document History

Version Revision Date Notes 1.0 2015 Initial Release 1.1 19 February 2018 Updated for 2018, updated formatting

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback