|
|
|
Home >
Quality >
Security policy
|
Security Policy |
| Security Policy is a definition of what it means to "be secure" for a system. The security
policy addresses constraints on functions and flow among them, constraints on access by external
systems and adversaries including programs and access to data by people. FlexOrbits Security
Policy is aimed at maintaining greater levels of physical security, information/data access
security, network security and voice calls security. We follow
ISO 17799
standards for
security
management. |
Physical Security |
Physical Security describes both measures that prevent or deter attackers from accessing
the
FlexOrbits facility,
resource, or information stored on physical media and guidance on how
to design structures to resist various hostile acts.
- Photo ID cards and access cards with easy-to-identify bands are issued to all employees.
- Visitors are provided with separate access/ID cards and are not allowed beyond specific
access points. They are accompanied by internal staff during their visit to the office premises.
- Restricted access for each employee.
- Presence of security guards and 24x7 surveillance systems.
- We have fire protection and fire extinguishers available at comfortable distance.
- The entire
office premise
has been designated as a non-smoking zone.
|
Data Access Security |
Data Access Security or Information Security Policies are a special type of documented business
rule for protecting information/data and the systems which store and process the information.
- Security Firewalls are installed to prevent unauthorized access to the network.
- Group policies in place for accessing PCs and workstations for authorized access.
- Access to important files and directories is given only to specific personnel.
- All email and web servers are located at an independent internet data center.
- GFS Backup policy in place. Monthly backups are stored at an off-site location and removable
backups are kept safe with logs duly maintained. Daily backups are stored in fire-proof safe.
- External security audits are enforced to assess any breach with multi level
security
management
in control.
- By default, all ports (USB, Serial, Parallel) are disabled on PCs. Enabling of the required
ports is done only on specific requests by the client.
- Physical security ensures no CDs, Pen-drives, movable media goes in and out of the facility
without written permission from the
Management.
|
Network Security |
A Network Security policy is a generic document that outlines rules for computer network access,
determines how policies are enforced and lays out some of the basic architecture of the company
security/ network security environment.
- Each client's process is run on a separate VLAN/VPN when run off-shore/off-site.
- Software defined secure tunnels through the internet.
- Only client authorized personnel is allowed to access the VNC/VLAN/VPN. This setup prevents
others from accessing the project information.
- Real-time Anti-virus and SPAM protection for desktops and servers.
- Annual maintenance and scheduled preventive maintenance in place for critical assets.
- Adequate spares are available for all critical infrastructures, thereby minimizing downtime.
- Wireless LAN in the office is also security protected.
|
Voice Calls Security |
- Authorization for use of VoIP lines and is provided on a need or project basis
- VoIP is password protected
- ACD reports are generated on a weekly basis and analyzed.
|
|
|
