Data Security at Smart Assessor


Contents

- Data Security
- Hardware
- Software
- Data Backups
- Personnel
- Web Application Security
- Encryption of web application traffic
- User authentication
- Application architecture
- Office process security

Data Security

This document outlines the steps taken to protect customer data hosted in the Smart Assessor application.

Hardware

Hosting Partner

Smart Assessor has chosen to partner with Rackspace Limited. Rackspace is a certified data centre and hosting company based in the UK - http://www.rackspace.co.uk/

Location

Smart Assessor's servers are located in Slough in Rackspace's data centre.

Facility

- Data centre floor space is approximately 5,000 square meters of raised floor
- Site is manned 24x7x365 with Rackspace Operations personnel
- OEM service/maintenance contracts on all facility infrastructure systems
- SSAE16 compliant

Security

- Physical access to devices within Rackspace data centres is restricted to authorized Rackspace personnel
- Card reader and biometric access required to enter facility
- Card reader access required to enter data centre floor
- Security cameras recorded by digital video recorder
- Bomb proof film installed behind all windowed areas
- Fully fenced perimeter

Power

- 100% renewable energy
- Generator backups in case of power loss
- Generators activate and fully synchronize within 60 seconds
- Each generator has its own supply system with a total of 60,000 litres on site
- Fuel suppliers under contract to deliver fuel within 4 hours

Fire protection

- Early Smoke Detection (VESDA)
- Dry pipe pre-action fire suppression system

Software

Server

The Smart Assessor server runs Microsoft Windows Server 2008 R2. The design of the system is based on industry-standard platforms, both for data management using Microsoft's SQL Server 2008 R2 and for web services delivery using Microsoft Internet Information Servers. To ensure additional security as well as data segregation, every new client site is created as both an individual SQL instance and a separate IIS site instance. All Smart Assessor servers are protected by Sophos Anti Virus, and daily scans are performed.

Data Backups

Weekly Full Backup + Daily Differential Backups

Smart Assessor employs Weekly Full Backups + Daily Differential Backups. This strategy provides a daily backup of all files and directories modified since the last full backup. With this strategy, a Full Backup of all files/directories you specify is performed one day a week. Every day for six days thereafter, a Differential Backup is performed on the same set of files/directories. Each daily Differential Backup backs up the files and directories that have been modified since your last Full Backup. This means that a file modified the day after your Full Backup will be included in the Differential Backup every single day until your next Full Backup.

When a full data restore is required with a differential strategy, only two Backup Sets are needed to restore your data: the latest Full Backup Set plus the latest Differential Backup Set. This makes a full data restore speedy because the required data only has to be restored from two Backup Sets.

The databases are regularly and automatically backed up, and in the unlikely event that our servers suffer a hardware failure it would be repaired or replaced within 2 hours.

Rackspace store backups offsite from the data center containing the live servers, which further protects against loss of data. All backups are protected from tampering and unauthorized access.
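
The two-set restore described above, as an added example (not Smart Assessor's or Rackspace's code): given a catalogue of backup sets, it picks the latest usable Full Backup at or before the restore point plus the latest Differential Backup from that same weekly cycle. The catalogue layout, the set names, the dates and the `verified` integrity flag are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List

@dataclass(frozen=True)
class BackupSet:
    name: str              # hypothetical set label
    kind: str              # "full" or "diff"
    taken: date            # day the set was written
    verified: bool = True  # assumed flag: False if the set failed an integrity check

def restore_plan(catalogue: List[BackupSet], restore_to: date) -> List[BackupSet]:
    """Return the sets to restore, in order, to reach `restore_to`.

    A differential holds everything changed since the last full backup,
    so the plan is never longer than two sets.
    """
    usable = [s for s in catalogue if s.verified and s.taken <= restore_to]
    fulls = [s for s in usable if s.kind == "full"]
    if not fulls:
        raise LookupError("no verified full backup at or before the restore point")
    base = max(fulls, key=lambda s: s.taken)
    # A differential is only valid against the full that opened its cycle.
    # Any later full (even an unusable one) closes the cycle of `base`.
    later = [s.taken for s in catalogue if s.kind == "full" and s.taken > base.taken]
    cycle_end = min(later, default=date.max)
    diffs = [s for s in usable
             if s.kind == "diff" and base.taken < s.taken < cycle_end]
    latest = max(diffs, key=lambda s: s.taken, default=None)
    return [base] if latest is None else [base, latest]

# Constructed catalogue: full backup on Sunday, differentials on following days.
CATALOGUE = [
    BackupSet("full-wk1", "full", date(2024, 3, 3)),
    BackupSet("diff-mon", "diff", date(2024, 3, 4)),
    BackupSet("diff-tue", "diff", date(2024, 3, 5)),
    BackupSet("diff-wed", "diff", date(2024, 3, 6), verified=False),
    BackupSet("full-wk2", "full", date(2024, 3, 10)),
]

if __name__ == "__main__":
    for day in (date(2024, 3, 6), date(2024, 3, 10)):
        print(day, [s.name for s in restore_plan(CATALOGUE, day)])
```

When the newest full backup is unusable, the plan falls back to the previous full and ignores differentials written after the unusable one, since those record changes against a baseline that cannot be restored.
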

Bandwidth

All access to the servers is through a dynamic multiport firewall. This allows the system to regulate the bandwidth needed to support the current volume of transactions.

Risk Mitigation

All servers are held in a secure offsite location specifically designed to cope with high transaction environments as well as provide a secure environment for all data. These servers are maintained to the latest system patch and virus scanning definition to avoid backdoor attacks or damage from viruses.

In the unlikely event that our servers suffer a hardware failure it would be repaired or replaced within 2 hours. If failures require a software reload or database recovery, we have a quick and efficient process to ensure this happens seamlessly and as quickly as possible. As part of that, the server and web site are monitored automatically every hour, even when not in use, to detect issues and start the rectification process, sometimes even before the system users are aware of an issue.

Personnel

All Smart Assessor staff members and Rackspace employees undergo a full background screening check, including:

- Right to work in the UK (in accordance with the Home Office guidelines)
- Electoral Roll
- Identity Check (Passport or other Government issued documents)
- Employee history and references
- Educational / Qualifications
- UK Criminal Records Bureau check

In the future Rackspace staff will also undergo:

- Identity Check (Media search)
- Money Laundering check
- Financial sanctions check
- OFAC register check
- International criminal records check

You can contact Rackspace or Smart Assessor for more information on background screening.

Web Application Security

Encryption of Web Application Traffic

The whole application's web site has been secured using a secure socket layer (SSL) certificate and the HTTPS protocol to help protect against web site spoofing or interception of message packets in transit on the internet. Similar protection is provided in the Smart conferencing software used to provide business grade security during conferencing.

User Authentication

Users log in to their own database in Smart Assessor using a secure username and password. There are several different types of account in Smart Assessor, allowing different levels of user access. For example, Assessors can only log in and see their own learners' data, whereas a Master Admin can log in and view all learner data. Administrators are the only users who can view passwords; no other type of account has access to visible user passwords.

Smart Assessor also records who has logged in and when. If there are any changes to user data, it records who made the change and when, as well as what the data was changed from and to.

Application Architecture

The application has been specifically designed to ensure ease of deployment for clients, using industry standard HTML, Java and .NET, delivering the client through a selection of standard browsers such as Microsoft Explorer, Firefox, Safari etc.

This type of web application is an ideal solution due to the ubiquity of web browsers and the convenience of using a web browser as a client. The ability to update and maintain web applications without distributing and installing software on potentially thousands of client computers is a key reason for its selection, as is the inherent support for cross-platform compatibility.

The structure of the design and the segregation of individual clients also enable easy and secure bespoke applications to be developed specifically for clients, with the bespoke element either made available only to specific clients or deployed across all instances.

- Users pass a request to the server from any client with access; this request is not client specific
- The IIS server interprets the request into a page capable of being displayed by any client
- Information is passed back to the client in a web page format which can be displayed in any web browser

This principle of being able to create very complex applications without the client users being aware of it is at the heart of the application. Regardless of how users access the system, whether through standard browsers or using mobile applications, they are presented with a common interface.

System Scalability

The design of the system is based on industry standard platforms, both for data management using Microsoft's SQL Server and for web services delivery using Microsoft Internet Information Servers. To ensure additional security as well as data segregation, every new client site is created as both an individual SQL instance and a separate IIS site instance.

Client data is also protected in a number of ways, ranging from the quality of storage technology and measures to avoid interception through to the process for recovering from failures.

Data Management

SQL Server is currently configured as a single instance server within a cluster. This cluster can be easily expanded to accommodate both transaction volume and data volume requirements. Since each database is specifically allocated to a client instance, modifications and bespoke elements can easily be implemented without impacting any other client site.

Web Delivery

The architecture for the IIS server deployment has been specifically designed to support load balancing technologies to ensure any requirement for increased demand can be supported. Since each IIS server can service any of the websites hosted in the cluster, this also provides an element of resilience in the system.

Access to your data is controlled by user account and password, which provides access only to the data the user is authorised to see.

Office Process Security

Network Security

The Smart Assessor offices are protected by Zone Alarm Professional Firewall, which includes a central virus and malware scanner and an intrusion prevention module that monitors network traffic for malware communication, as well as Avast Antivirus, which performs daily scans of the systems. In addition, all Smart Assessor employees have a security suite (antivirus and firewall) installed on their computers.

Staff Training

All staff are trained in the importance of data security and the Data Protection Act.

Local Encryption of Sensitive Data

Access by Smart Assessor staff to customer data is normally restricted to web application access during the resolution of support calls. When Smart Assessor works on a consultation basis with customers and there is a requirement to work with a local copy of customer data, Microsoft's EFS (file and folder encryption) and strong Windows passwords are used to protect the data.

Portable File Storage

Smart Assessor staff are advised not to store sensitive data on portable devices such as USB flash drives. However, the local security policies of customers occasionally require that data be encrypted and physically escorted direct to the intended receiver. On the rare occasions that data is transported off client site on portable storage, the data is first compressed and encrypted by 7-Zip using AES-256 encryption and a strong password. 7-Zip is available in portable form and can be run directly from a USB flash drive, allowing its use wherever USB flash drive use is permitted, with no local software installation required.