Security
Whenever a manager ponders whether to outsource one or several processes of software lifecycle management for a particular product, at some point she/he usually arrives at the following thought:
“OK, so these guys look smart and skilled enough to do the job, but I am about to entrust them with my company's most valuable intangible assets! Will those assets really be secure and well-protected in their hands? Are they really mature enough to always deliver?”
These two questions are indeed very relevant. Ericpol address those issues in the following policies:
• Information Security
• Access Control
• Information Systems Maintenance and Incident Management
• Business Continuity Management
The answers to these questions therefore lie in the procedures and practices implemented in our day-by-day operations.
We abide by the rule that each individual should have access limited to that area truly required to perform a particular assignment. This concerns both physical access to particular office zones and access rights to information systems, tools and databases. We monitor and log usage of systems and presence in zones. We react to alerts immediately. Our network segmentation allows physically separated subnets to be designated within physically separated zones for a particular customer or assignment. Two of those subnets designated for our major customer, a global telecom vendor, have been in operation for the last 11 years. Regular (yearly) security audits have been preformed by the customer over that time and all of them have confirmed our compliance with security requirements.
To assure the availability of information, we regularly back up our information systems and we verify backup usability, and to ensure instant communications, we have backup connection lines provided by separate operators at all our offices.
Those are just a very few examples of the security measures taken by Ericpol. We perform risk identification and assessment for each particular assignment. Then, together with our customer, we make decisions about the treatment of risks. This approach makes us a trustful and secure business partner.
“OK, so these guys look smart and skilled enough to do the job, but I am about to entrust them with my company's most valuable intangible assets! Will those assets really be secure and well-protected in their hands? Are they really mature enough to always deliver?”
These two questions are indeed very relevant. Ericpol address those issues in the following policies:
• Information Security
• Access Control
• Information Systems Maintenance and Incident Management
• Business Continuity Management
The answers to these questions therefore lie in the procedures and practices implemented in our day-by-day operations.
We abide by the rule that each individual should have access limited to that area truly required to perform a particular assignment. This concerns both physical access to particular office zones and access rights to information systems, tools and databases. We monitor and log usage of systems and presence in zones. We react to alerts immediately. Our network segmentation allows physically separated subnets to be designated within physically separated zones for a particular customer or assignment. Two of those subnets designated for our major customer, a global telecom vendor, have been in operation for the last 11 years. Regular (yearly) security audits have been preformed by the customer over that time and all of them have confirmed our compliance with security requirements.
To assure the availability of information, we regularly back up our information systems and we verify backup usability, and to ensure instant communications, we have backup connection lines provided by separate operators at all our offices.
Those are just a very few examples of the security measures taken by Ericpol. We perform risk identification and assessment for each particular assignment. Then, together with our customer, we make decisions about the treatment of risks. This approach makes us a trustful and secure business partner.
