Ales Market Research | Wingsknowledge
Security Statement
Introduction
The management team of Ales Market Research is committed to maintaining the confidentiality, availability, and integrity of its physical, electronic, and informational assets in relation to clients, internal resources, and business delivery model.
Ales Market Research is committed to protecting assets from internal and external, intentional and unintentional threats, and our information security requirements will continue to be defined in tandem with these organizational objectives. Ales Market Research seeks to ensure that:
- Confidentiality of assets is ensured and protected against unauthorized access.
- The integrity of our data assets is maintained.
- Availability of assets is ensured, and business continuity plans are produced, updated, and tested.
- Regulatory requirements are satisfied.
- Information security training is mandatory for all staff members.
- Risk assessment and auditing exist within our teams.
- Technical and procedural controls are appropriate for their intended use and are applied appropriately.
Physical access to Server room
- All visitors must be registered and accompanied.
- Access control to the server room is further restricted to only key IT infrastructure team personnel.
- Third parties who require access to the server room must schedule an appointment and be accompanied while performing their duties.
- Ales Market Research employs a certified IT asset disposal specialist and maintains certificates of destruction (CODs) to reconcile with our asset inventory.
- Uninterruptible Power Supply (UPS) units are in operation to provide short-term protection against power outages and service damage.
Internet and Network Security
Ales Market Research desires to provide a high level of assurance to our staff and clients that our servers and devices connected to the Ales Market Research network provide an adequate level of Confidentiality, Integrity, and Availability. Ales Market Research offers services that satisfy the following criteria:
- All client login data shall be encrypted in transit. Firewall and network switch management is restricted to Ales Market Research infrastructure personnel, and its operation is reviewed ad hoc.
- Vulnerability and penetration tests are performed on our network resources by Ales Market Research and accredited third parties under contract. The act of scanning Ales Market Research‘s resources without authorization is considered unauthorized.
- Ales Market Research identifies known client connections in conjunction with the validation of usernames and passwords to authenticate our internet-facing systems.
- Inbound and outbound requests are restricted to services required to operate Ales Market Research products and services.
- External access to internal systems is restricted to authorized personnel using VPN and/or SSH cryptographic keys via known, hardened devices.
- Logs of Security and operational events are collected, retained, and analyzed.
- Wireless LAN connectivity requires WPA/WPA2 keys and a specified configuration for settings.
Desktop Environment
The desktop environment is orchestrated using centrally approved policy engines to control the behavior and profile of our estate; these controls provide consistent security/operational restrictions in addition to software approval and log requirements for assets. All Ales Market Research laptops are required to have vulnerability patches, full disk encryption, and managed endpoint protection as a standard feature.
Virus Security
Our endpoint protection is provided by a top-tier enterprise product that is updated multiple times per day to provide comprehensive internet and device protection options.
Security Monitoring
Ales Market Research is developing a monitoring and alerting capability to connect point solutions and provide greater security event correlation. While a variety of logs are collected, they are typically distinct. Anti-virus, firewall, application servers, proxies, network traffic, Intrusion detection systems, and ISP log data are presently collected for analysis in this manner.
Backup and recovery
Applications created by Ales Market Research are backed up frequently and deployed with redundant copies of all components. The data of Ales Market Research are stored on redundant hardware, with off-site backups. Third-party providers of data or components of our services must meet or exceed these requirements.
Data integrity checks and restore testing are included in the work schedule.
Anti-virus Controls
Ales Market Research operates a server and endpoint antivirus solution of enterprise class.
Endpoint Encryption
As part of our data loss prevention strategy, Ales Market Research has implemented full-disk encryption on all of our endpoints.
Independent Penetration testing
Ales Market Research employs an independent security consulting firm to perform annual network and application asset penetration testing and report on their posture.
Incident Response & Communication
Information security is a subset of business continuity/disaster recovery arrangements for Ales Market Research. Incident response plans are event-specific but adhere to the following structure:
- Detect
- Declare
- Assess
- Contain/Retain
- Investigate
- Recover
- Post-incident investigation
During the assess phase of an incident, communications management is addressed by considering the reporting/update requirements for employees, customers, media, and authority stakeholders.
Post-incident analysis is the process of reviewing response performance and utilizing reflective sources to determine areas for improvement. At the conclusion of the review, interested parties may review this analysis.
Patch Management
Ales Market Research manages a complex estate of network equipment and enterprise software with varying performance, security, and reliability requirements. Multiple systems are administered by Ales Market Research to deliver appropriate patch/update levels and associated reports.
