Data security is a serious concern for the customers as well as for us. Cyber criminals are getting more sophisticated all the time. They have been able to compromise large security conscious companies like the credit reporting agencies.
When it comes to security, there are no magic bullets. In addition to best technology it requires training of staff, training in security matters, good housekeeping etc.
We adhere to Better Business Bureau’s Online Reliability standards and are proud to display their logo on our site.
Later in this report, we will describe the current practices at Indevia to secure your data.
However, we work on improving security on an on-going basis. It is a large part of our Chief Information Officer’s responsibility. We are working on a program that will bring us certification under ISO 27002 standards. This is the specification for an information security management system (ISMS).
There are two parts to data security:.
- Technology – hardware, software, communications.
- Business Processes.
Let us address each part separately: Technology – hardware, software, communications.
We work with our clients in different ways
A. If you want to keep your data on your server:
- We can access your server via VPN (Virtual Private Network) or Terminal Services. The VPN services are protected by L2TP (Layer 2 Tunneling Protocol), while Terminal Services are protected by RDP (Remote Desktop Protocol).
- L2TP does not provide confidentiality or strong authentication by itself. We are evaluating additional security to L2TP such as IPSec.
- Right now, Terminal Services is the protocol we recommend. It provides 128-bit encryption, thus it is more secure.
- Of course, you have to ensure that your server is secure.
B. If you feel comfortable to give us your data:
- You upload your files to us via www.leapfile.com, one of several secure file transfer services. The connections from your desktop to LeapFile server, and from Leapfile to Indevia server are protected by SSL (Secure Socket Layer).
- SSL is a cryptographic protocol that provides secure communications over the Internet. The SSL protocol allows applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery.
- Once the data gets to the Indevia server, again the connection between the Indevia server and Indevia office is via Terminal Services.
Business Processes
Our office has strict access control. We use a Honeywell system that requires a badge and a matching fingerprint to enter the premises. Our employees are paid based on this access control record
- We check references on all our employees.
- All employees sign a confidentiality agreement.
- Staff members review the security procedures once a quarter and are briefed on the latest trends on security breaches and how to prevent them.
- Passwords are changed once a month.
- Upon the departure of any employee, all the access codes are changed immediately.
- The workstations do not have any recording devices on them.
- Staff members have restricted access to the Internet.
- Staff members do not have email or IM software.
- Workstations are loaded with only the necessary software, and no other software can be installed without the permission of the CIO. We run a check every quarter to verify that no new software has been added.
|
