By providing customers with a SAS 70 Type II audit report, Penta can help them control the costs of regulatory compliance, as well as offer assurance that it has established effective internal controls over the hosting of customer data.
Controls:
Logical Security
- Controls provide reasonable assurance that logical access to critical systems and applications is restricted to properly authorized personnel.
- Controls provide reasonable assurance that logical access to critical systems and applications is appropriately restricted by the implementation of identification and authentication mechanisms to reduce the risk of unauthorized or inappropriate access to the organization's applications or data and the lack of accountability.
- Controls provide reasonable assurance that remote access to critical systems and applications is logged and restricted to authorized personnel.
- Controls provide reasonable assurance that production networks are protected from undesired external access from public networks.
- Controls provide reasonable assurance that Company’s information systems are protected against viruses.
Physical Access
- Controls provide reasonable assurance that physical access to computer equipment, storage media and network infrastructure in the datacenters is restricted to properly authorized individuals.
System Maintenance
- Controls provide reasonable assurance that applications and operating systems are regularly monitored in order to check their operability.
Change Control
- Control provides reasonable assurance that components such as applications (Office, Exchange, SQL server, Navision, BlackBerry, Client specifics), system software (operating, AD, DNS server, Citrix, appliance firmware), system hardware, appliances and other networking hardware are controlled in a way that additions, modifications or removals are authorized, tested, approved, properly implemented and documented.
- Controls provide reasonable assurance that environmental controls are established to protect systems hosted in the data center from environmental hazards.
Backup and Restore
- Controls provide reasonable assurance that application, operating systems, files, and data are backed up on a scheduled basis and rotated to an offsite location.
Business Continuity
- Controls provide reasonable assurance that the continuity of services is ensured in case of a failure of a critical infrastructure component.
Service Level Management
- Controls provide reasonable assurance that services and related levels of service provided by Penta to its Clients are formally defined, agreed by both parties and regularly monitored.