Post on 11-May-2018
Interoute, Security, and You
At Interoute, we know that data is at the heart of all ICT solutions. This is why, in our solutions, we ensure its security is underpinned by industry best practices.
To maintain the Confidentiality, Integrity and Availability of your data across our solutions, and for your peace of mind, Interoute has implemented a series of policies designed to demonstrate a robust security control environment with which to manage security and reduce information risk consistently within the business.
Interoute believes that your data is more secure when your security is layered onto our own.
This means that you can maintain your own data security through Interoute’s provided solution, giving your company both the flexibility and the control to meet industry standards for best practice. We take your security as seriously as you do.
Our products, Unified Communications, Unified Computing, Unified Connectivity, Unified Transport and our Virtual Data Centre (VDC), have security built into them from the start. Our services are built on our own secure network, and within our ISO 27001 certified Data Centres.
This means that Interoute can offer secure, quality, cost-effective connectivity to and between our environments, still assuring the Confidentiality, Integrity and Availability of your data within it.
Should you need further security measures, Interoute has an extensive portfolio of solutions, and our teams would be delighted to talk with you about any requirements you may have.
ISO 27001
Enterprise Security Management
Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK. Telephone: +44 20 7025 9000 Email: info@interoute.com
© Interoute Communications Limited www.interoute.com
[Figure: diagram labels. Services: Hosting, Video Services, Internet, VPN, Voice, Bandwidth, Infrastructure. Product areas: Unified Computing, Unified Transport, Unified Connectivity, Unified Communications. Centre: Information (Confidentiality, Integrity, Availability). Control areas: Security Policy Management; Security Organisation Management; Asset Management; Human Resources; Physical & Environment Security; Communications & Operations Management; Access Control; Systems Development & Maintenance; Incident Management; Business Continuity Management; Compliance Management.]
ISO 27001
Interoute has established, and maintains, an Enterprise-wide ISO 27001 (ISO/IEC 27001:2005) certified Security Management System for our Operations Centres and Data Centres.
ISO 27001 is an internationally recognised and independent specification for information security management. It provides an extensive checklist of best-practice security controls which must be considered for use in the organisation’s information security control framework. These controls include technical, procedural, HR and legal compliance controls and a rigorous system of internal and independent external audits.
ISO 27001 certification allows Interoute to demonstrate a robust information security control environment to manage security and reduce information risk consistently within its business.
By embedding ISO 27001 security controls into the design of our solutions, Interoute controls the Confidentiality, Integrity & Availability of our customers’ data holistically across the various infrastructure and platform technologies supporting our solutions, as well as our own network and service management systems.
Governance & Accreditations
Interoute specifically adopted ISO 27001 for our Data and Operations Centres to work within a framework of best practice to manage Information Security risk. Beyond implementing ISO 27001 security best practices, and combining them with ITIL processes throughout the organisation, Interoute has achieved:
• Payment Card Industry Data Security Standard (PCI DSS) certification
• 3rd party assurance in the form of an ISAE 3402 Type II report
Security Services
Interoute’s expertise, along with our extensive product portfolio of security solutions, can help you achieve your own certification, using our solution as a base to develop from.
Our experienced security professionals can leverage their knowledge, with your solution and our Security products, to meet your business technology needs.
Our Security Products include:
• Firewalls
• DDoS protection
• IPS
• Web and URL filtering
• Email filtering
• Other security solutions
• Professional services

All of these are available based on your requirements.
Let us help you maintain your Security.
Enterprise Security Integration
Interoute has integrated our ISO 27001 controls within ITIL processes throughout the organisation.
Our Enterprise Security Management System is continually improved using a variety of control mechanisms, with Security Management measured on a ‘Plan-Do-Check-Act’ monitoring programme. This approach represents a risk and security management framework which enables us to continually improve our operations while continuing to meet our customers’ requirements.
Scope
The Interoute ISO 27001 certification applies all of the 11 main ISO 27001 control areas across its scope.
Interoute drives our integrated Enterprise Security Management System across all our operations, ensuring customer data security throughout.
This methodology is maintained through:
• Extensive Information Security and Physical Security policy suites
• 24x7x365 Service Monitoring and Customer Operations Centre
• 24x7x365 Network Operations Monitoring & Technical Operations Centre
• Geographically diverse Operations Centres
• Operations Event and Incident Management
• Change and Configuration Management
• Business Continuity & Crisis Management
• Service Level Availability Commitments
• Physical Security Management and Controls (CCTV, intrusion/motion detection and 24x7 monitoring)
• Facility Management through Building Management Systems and 24x7 monitoring
• N+1 facility, infrastructure and network technology designs
• Employee security roles, responsibilities and security awareness training
• Field Operations across Europe, with dedicated technology platform resources to respond to failures
• Internal and External Technology Expertise and Support Resources
• Internal Auditing
[Figure: Plan-Do-Check-Act cycle. Plan: Establish ISMS. Do: Implement & Operate ISMS. Check: Monitor & Review ISMS. Act: Maintain & Improve ISMS.]
Control Areas & Mechanisms
Security Policy Management - Interoute has a comprehensive suite of security policies which define the principles of security management across our operations, and have enabled us to attain ISO 27001 certification for our Operations Centre (Prague) and ISO 27001 certification or national equivalent for Data Centre Operations in Amsterdam, Berlin, Geneva, and Stockholm. All Interoute’s Operations Centres and Data Centres follow the same processes, regardless of certification status, and expansion of the certification is planned for all key facilities.
Security Organization Management - Interoute’s Enterprise Security Management System is coordinated by the Chief Security and Risk Officer, through the Interoute Security Committee (ISC), and chaired by the Executive V.P. of Network Operations. It includes dedicated security resources with defined roles and responsibilities across operations functions, and regular internal audits to manage security policies, processes and ensure compliance to security policies and controls.
Asset Management - Interoute maintains formal inventories of the information assets requiring protection by an extensive suite of security policies, processes and controls. These detail all service and platform components, with pre-defined functional owners for maintenance, and are reviewed on an annual basis.
Human Resources - Interoute’s policies set out the roles and responsibilities involved in information security. Interoute maintains a formal process defining clear security rules and processes for reviewing and terminating systems access. Employees have to comply with our security policies and have a minimum of annual security awareness training, with their security responsibilities defined in their job descriptions. Employees in specific sensitive jobs with access to internal systems must sign codes of conduct.
Physical & Environment Security - Interoute’s corporate systems are maintained within Interoute ISO 27001 accredited Data Centres, with 24x7 security guards, CCTV and intrusion detection. All physical access is restricted to Interoute employees.
All technical facilities are monitored 24x7 with fire detection and fire suppression systems, with a resilient N+1 design for power and network resiliency, and POPs monitored 24x7.
Communications & Ops Management - Interoute’s security policies cover the correct and secure operation of information processing facilities, designed to protect and maintain the integrity and availability of information and information processing facilities, minimizing the risk of systems failures. These include backups, segregation of duties, and additional security solutions both within Interoute’s systems, and available to our customers depending upon requirements.
Access Control - Interoute’s security policies cover logical and physical access controls, as well as specific product features to protect critical information. Access to data and systems is based on the principle of least privilege, with rights granted based on functional responsibilities. This is reviewed regularly to ensure security compliance, and includes specific escalation processes for any non-compliance.
Systems Development & Maintenance - Interoute has integrated security into every stage of the system development life cycle with any issues or non-conformities escalated to Security & Risk management for review and remediation.
Incident Management - Interoute has established a Security Incident Management Methodology to respond to operational risks and measure compliance to applicable security policies in order to preserve the integrity of Interoute by detecting and reporting incidents to the Chief Security & Risk Officer and the Director of Operations Security, with notification on detection to impacted customers.
The process defines the criteria for identifying and managing Security Incidents affecting the Interoute network and customer services, and defines, at a high level, how to open, handle and resolve Security Trouble Tickets (STTs).
Business Continuity Management - Interoute’s critical operations are protected by a comprehensive Business Continuity Management system, integrating best practices from BS 25999, ITIL and ISO 27001. This includes continuity tests for our Operations and Data Centres, across operations functions, network platforms and corporate systems. Our Data Centres require specific BCP plans and tests for accreditation. However, customer Disaster Recovery solutions are also available, providing differing levels of high availability solutions.
Compliance Management - Interoute’s ISO 27001 based Security Management system requires on-going audits across all functions of Interoute business operations. This means that we consistently apply the prescribed best practice to ISO 27001 security policies and business processes. In order to maintain our compliance, we are subject to annual continuing assessment visits by an independent certification body, and Interoute has also embedded quarterly technical compliance audits into the core of our operations functions.
Find out how Interoute can support your business. For more information visit www.interoute.com or email info@interoute.com