From All n One's bxp software Wixi
'''1. Data in transit protection'''-
Consumer data transiting networks should be adequately protected against tampering and eavesdropping via a combination of network protection and encryption.
'''2. Asset protection and resilience'''-
Consumer data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or seizure.
'''3. Separation between consumers'''-
Separation should exist between different consumers of the service to prevent one malicious or compromised consumer from affecting the service or data of another.
'''4. Governance framework'''-
The service provider should have a security governance framework that coordinates and directs their overall approach to the management of the service and information within it.
'''5. Operational security'''-
The service provider should have processes and procedures in place to ensure the operational security of the service.
'''6. Personnel security'''-
Service provider staff should be subject to personnel security screening and security education for their role.
'''7. Secure development'''-
Services should be designed and developed to identify and mitigate threats to their security.
'''8. Supply chain security'''-
The service provider should ensure that its supply chain satisfactorily supports all of the security principles that the service claims to implement.
'''9. Secure consumer management'''-
Consumers should be provided with the tools required to help them securely manage their service.
'''10. Identity and authentication'''-
Access to all service interfaces (for consumers and providers) should be constrained to authenticated and authorised individuals.
'''11. External interface protection'''-
All external or less trusted interfaces of the service should be identified and have appropriate protections to defend against attacks through them.
'''12. Secure service administration'''-
The methods used by the service provider’s administrators to manage the operational service should be designed to mitigate any risk of exploitation that could undermine the security of the service.
'''13. Audit information provision to consumers'''-
Consumers should be provided with the audit records they need to monitor access to their service and the data held within it.
'''14. Secure use of the service by the consumer'''-
Consumers have certain responsibilities when using a cloud service in order for this use to remain secure, and for their data to be adequately protected.
''All n One provide training for their bxp software to any client who signs up to the service. As part of this, All n One train the client on how to use the system and how to control the security aspects of the service for their users. The client can also turn on controls over what a particular user can access, so that sensitive data can be hidden from a standard colleague.''