Post on 02-Jun-2020
www.interoute.com
To maintain the Confidentiality, Integrity and Availability of
your data across our solutions, and for your peace of mind,
Interoute has implemented a series of policies designed to
demonstrate a robust security control environment with which
to manage security and reduce information risk consistently
within the business.
Interoute believes that your data is more secure when your
security is layered onto our own.
This means that you can maintain your own data security
through Interoute’s provided solution, giving your company both
the flexibility and the control to meet industry standards for best
practice. We take your security as seriously as you do.
Our products: Unified Communications, Unified Computing,
Unified Connectivity and Unified Transport have security built
into them from the start. Our services are built on our own secure
network, and within our ISO 27001 certified Data Centres.
This means that Interoute can offer secure, quality, cost effective
connectivity to and between our environments, still assuring the
Confidentiality, Integrity and Availability of your data within it.
Should you need further security measures, Interoute has
an extensive portfolio of solutions, and our teams would be
delighted to talk with you about any requirements you may have.
ENTERPRISE SECURITY MANAGEMENT
ISO 27001
Interoute, Security, and You
At Interoute, we know that data is at the heart of all ICT solutions. This is why, in our solutions, we ensure its security is underpinned by Industry best practices.
ISO 27001
Interoute has established, and maintains, an Enterprise-wide ISO
27001 (ISO/IEC 27001:2005) certified Security Management
System for our Operations Centre and Data Centres.
ISO 27001 is an internationally recognised and independent
specification for information security management. It provides
an extensive checklist of best-practice security controls which
must be considered for use in the organisation’s information
security control framework. These controls include technical,
procedural, HR and legal compliance controls and a rigorous
system of internal and independent external audits.
ISO 27001 certification allows Interoute to demonstrate a robust
information security control environment to manage security
and reduce Information risk consistently within its business.
By embedding ISO 27001 security controls into the design of
our solutions, Interoute controls the Confidentiality, Integrity &
Availability of our customers’ data holistically across the various
infrastructure and platform technologies supporting our solutions,
as well as our own network and service management systems.
Interoute’s product portfolio provides a variety of security
solutions, including Firewalls, DDOS protection, Intrusion
prevention, Web and URL filtering, Email filtering, and “Secure
Access”, as well as other security solutions, all of which are
available based on your requirements.
Enterprise Security Integration
Interoute has integrated our ISO 27001 controls within ITIL
processes throughout the organisation.
Our Enterprise Security Management System is continually
improved using a variety of control mechanisms, with Security
Management measured on a ‘Plan-Do-Check-Act’ monitoring
program. This approach represents a risk and security management
framework which enables us to improve our operations and to
sustain our customer requirements continually.
Further Accreditations
Interoute specifically adopted ISO 27001 for our Data and
Operations Centres to work within a framework of best practice
to manage Information Security risk. Beyond implementing ISO
27001 security best practices, and combining with ITIL processes
throughout the organisation, Interoute has achieved:
• Payment Card Industry Data Security Standard (PCI DSS)
certification
• 3rd party assurance in the form of an ISAE 3402 report
• EU Data Protection Directive compliance
Scope
The scope of the Interoute ISO 27001 certification applies all
of the 11 main ISO 27001 control areas across the scope of the
certification, with 120 of the 133 control objectives applicable
to the certificate.
Interoute drives our integrated Enterprise Security Management
System across all our operations, ensuring customer data
security throughout.
This methodology is maintained through:
• Extensive Information Security and
Physical Security policy suites
• 24x7x365 Service Monitoring and
Customer Operations Centre
• 24x7x365 Network Operations Monitoring
& Technical Operations Centre
• Geographically diverse Operations Centres
• Operations Event and Incident Management
• Change and Configuration Management
• Business Continuity & Crisis Management
• Service Level Availability Commitments
• Physical Security Management and Controls (CCTV,
intrusion/motion detection and 24x7 monitoring)
• Facility Management through Building
Management Systems and 24x7 monitoring
• N+1 facility, infrastructure and network technology designs
• Employee security roles, responsibilities
and security awareness training
• Field Operations across Europe, with dedicated
technology platform resources to respond to failures
• Internal and External Technology
Expertise and Support Resources
• Internal Auditing
[Figure: Plan-Do-Check-Act cycle. Plan: Establish ISMS. Do: Implement & Operate ISMS. Check: Monitor & Review ISMS. Act: Maintain & Improve ISMS.]
Control Areas & Mechanisms
Security Policy Management - Interoute has a
comprehensive suite of security policies which define
the principles of security management across our
operations, and have enabled us to attain ISO 27001 certification
for our Operations Centre (Prague) and ISO 27001 certification
or national equivalent for Data Centre Operations in Amsterdam,
Berlin, Geneva, and Stockholm. All Interoute’s Operations Centres
and Data Centres follow the same processes, regardless of
certification status, and expansion of the certification is planned
for all key facilities.
Security Organization Management - Interoute’s
Enterprise Security Management System is coordinated
by the Chief Security and Risk Officer, through the
Interoute Security Committee (ISC), and chaired by the Executive
V.P. of Network Operations. It includes dedicated security
resources with defined roles and responsibilities across operations
functions, and regular internal audits to manage security policies,
processes and ensure compliance to security policies and controls.
Asset Management - Interoute maintains formal
inventories of the information assets requiring
protection by an extensive suite of security policies,
processes and controls. These detail all service and platform
components, with pre-defined functional owners for maintenance,
and are reviewed on an annual basis.
Human Resources – Interoute’s policies set out the
roles and responsibilities involved in information
security. Interoute maintains a formal process defining
clear security rules and processes for reviewing and terminating
systems access. Employees have to comply with our security
policies and have a minimum of annual security awareness training,
with their security responsibilities defined in their job descriptions.
Employees in specific sensitive jobs with access to internal systems
must sign codes of conduct.
Physical & Environment Security - Interoute’s
corporate systems are maintained within Interoute
ISO 27001 accredited Data Centres, with 24x7
security guards, CCTV and intrusion detection. All physical access
is restricted to Interoute employees.
All technical facilities are monitored 24x7 with fire detection and
fire suppression systems, with a resilient N+1 design for power
and network resiliency, and POPs monitored 24x7.
Communications & Ops Management - Interoute’s
security policies cover the correct and secure operation
of information processing facilities, designed to
protect and maintain the integrity and availability of information
and information processing facilities, minimizing the risk of
systems failures. These include backups, segregation of duties, and
additional security solutions both within Interoute’s systems, and
available to our customers depending upon requirements.
Access Control - Interoute’s security policies cover
logical and physical access controls, as well as specific
product features to protect critical information. Access
to data and systems is based on the principle of least privilege,
with rights granted based on functional responsibilities. This is
reviewed regularly to ensure security compliance, and includes
specific escalation processes for any non-compliance.
Systems Development & Maintenance - Interoute
has integrated security into every stage of the system
development life cycle with any issues or
non-conformities escalated to Security & Risk management for review
and remediation.
Incident Management - Interoute has established
a Security Incident Management Methodology to
respond to operational risks and measure compliance
to applicable security policies in order to preserve the integrity
of Interoute by detecting and reporting incidents to the Chief
Security & Risk Officer and the Director of Operations Security,
with notification on detection to impacted customers.
The process defines the criteria for identifying and managing
Security Incidents affecting the Interoute network and customer
services, and defines, at a high level, how to open, handle and
resolve Security Trouble Tickets (STTs).
Business Continuity Management - Interoute’s
critical operations are protected by a comprehensive
Business Continuity Management system, integrating
best practices from BS 25999, ITIL and ISO 27001. This includes
continuity tests for our Operations and Data Centres, across
operations functions, network platforms and corporate systems.
Our Data Centres require specific BCP plans and tests for
accreditation. However, customer Disaster Recovery solutions are
also available, providing differing levels of high availability solutions.
Compliance Management - Interoute’s ISO 27001 based Security
Management system requires on-going audits across all
functions of Interoute business operations. This means
that we consistently apply the prescribed best practice
to ISO 27001 security policies and business processes. In order
to maintain our compliance, we are subject to annual continuing
assessment visits by an independent certification body, and Interoute
has also embedded quarterly technical compliance audits into the
core of our operations functions.
Find out how Interoute can support your business. For more information visit www.interoute.com or email info@interoute.com.