What is the security implementation scheme?

Physical Security

Our production centres are housed in modern brick buildings. The offices are equipped with 24-hour CCTV (closed-circuit television) systems, fire alarms, emergency lighting and fireproof carpets. Access can only be gained through a locked, coded entry door or through a locked, front reception door. Visitors to the building are required to identify themselves, state the purpose of their visit and sign a visitors' book. Visitors are escorted by an appointed company representative during their time in the facility to prevent accidental or unauthorized disclosure of customer information.

Document Security

Documents are received in a pre-designated area, logged in and tracked under our accountability control system. No documents are left unattended in the processing area. At the end of the work day, all in-process work, including data on all electronic media, is accounted for and returned for processing the following day.

Data Security

Data entry process is performed from images over a private network which has no connection to the Internet. Firewalls are in place for all the servers. We use a thin client-server approach which means all work done is saved in the central servers instead of individual workstations. Images, data, and all processing related intermediate files stay on the central servers.

Data entry operators only have "input" right but they do not have "output" right. The data entry operators can only input data into the central servers but they cannot download, copy, move, delete or print any file from the central server. All the workstations are diskless (no floppy drive, no CD-ROM, no DVD-ROM). The USB ports of all workstations are disabled as well. No printer is attached to any workstation. The data entry operators are not allowed to bring laptops, PDAs or any other electronic device into our offices. Wi-Fi access in the office is disabled.

We also have following data security measures implemented:

(1) Establish strong password for all the servers and workstations

(2) Put up strong firewalls for all the servers

(3) Install Anti-virus protection

(4) Update systems and programs regularly

(5) Automatic Backup

(7) Regular staff education training on security, privacy and confidentiality.(6) Monitor regularly by system administrator

Encryption

Underpinning all digital security systems is encryption. Encryption is the technology that hides documents from those who are not authorized, and verifies that the content the originator created is unchanged.

Data from clients to us and between our data centers are secured by using encrypted emails or secured FTP. All files are encrypted first using PGP before uploading to the secured FTP servers to provide a double security measurement.

Data Retention & Sanitization

 By default, the data (source images, intermediate files and output files) will be kept in our production centres for one month. After one month, these files willbe securely removed by using DoD 5220.22-M data sanitization method which will prevent all software based file recovery methods from lifting information from the drive and should also prevent most if not all hardware based recovery methods.

A data sanitization method is the specific way in which a data destruction program overwrites the data on a hard drive or other storage device. The DoD 5220.22-M sanitization method was originally defined by the US National Industrial Security Program (NISP) in the National Industrial Security Program Operating Manual (NISPOM) and is one of the most common sanitization methods used in data destruction software

Confidentiality.

Prior to employment, applicants are required to read and sign an "Employee Non-Disclosure Agreement" for the protection of the customer's documents. Training in security and confidentiality is given both quarterly and with each new project. We maintain the most stringent standards of data and document security.

 

 

category: