Changes

Security - Start Here

965 bytes added, 16:29, 11 February 2021
no edit summary
Please review [[Understanding_bxp_Support]]
 
 
=== What is in the contract? ===
=== Encryption ===
 
 
Data is never handled unencrypted: it is encrypted in transit, and data at rest is encrypted as well. See [[Bxp_-_End_to_End_encryption_and_High_Availability]].
 
 
bxp encourages clients to use TLS 1.2. See [[Security_-_TLS_Status]].
== System Review tools ==
bxp has an extensive set of articles relating to the Audit Logs for security review purposes: [[Bxp_-_Audit_Logs]]
There are a number of articles relating to the security capabilities of the system and their associated reports: [[Category:Module_Specific:System_Access_Management]]
== Standards and Laws ==
* All n One Limited is an Irish company with operations residing completely in Ireland and under Irish Law.
* All n One Limited is registered with the Data Protection Commissioner of Ireland [https://www.dataprotection.ie/viewdoc.asp?fn=/documents/register/display.asp?ID=8759%2FA]
* The All n One support operation is operated exclusively from Ballymount, Dublin.
* The bxp firewalls, switches and data servers are hosted on All n One dedicated equipment in the AWS EU Ireland Region (EU-WEST-1).
* The bxp web servers and load balancers are hosted in a secured virtualised environment in AWS, Dublin.
* bxp's secondary off-site data redundancy infrastructure is based in Paris, France and will take over the bxp operation in the event of an AWS Ireland failure.
* All n One's nearest Garda Station is Tallaght Garda Station, Belgard Walk, Tallaght, Dublin 24, Ireland on +353 1 666 6000
For the above reasons, and for reasons of physical security, operational support and intellectual property protection, bxp '''cannot''' be installed on client equipment or in client premises and can only ever be accessed securely through the Internet. bxp does, however, support references to local client data. For example, in eLearning or message-to-staff scenarios, bxp can present URLs or links such as \\OurLocalServer\Important\Info\file123.docx; bxp can be used by the organisation, but the link will only work when the data is available locally to the machine. Further examples are used in Quality Assurance, when the phone / call recordings are stored locally and only the reference is loaded into bxp. This way large volumes of call data do not need to be transferred into bxp.
=== Data Protection and Data Retention ===
For more information on this area please see [[Data_Protection_and_Data_Retention]].
=== ISO 27001 ===
All n One themselves do not have ISO 27001 accreditation. All n One are currently implementing the standard operationally throughout the business. All n One are seeking accreditation with a view to it being in place as soon as possible. http://en.wikipedia.org/w/index.php?title=ISO27001
For obvious security reasons our ISMS is not a matter of public record; however, our ongoing operational processes and procedures deliver our Plan-Do-Check-Act cycles.
=== ISO 9001 ===
All n One is not currently ISO 9001 accredited. Although the majority (estimated 70% as of October 2014) of our processes and procedures are documented, All n One would require a Patron before seeking accreditation.
http://en.wikipedia.org/wiki/ISO_9000#Contents_of_ISO_9001
=== PCI DSS ===
Currently All n One does not have PCI DSS compliance accreditation. All n One implements all of the Control Objectives, but is not accredited. All n One are working towards accreditation but require a bxp client to patron its implementation, as we do not currently have any bxp client with this requirement.
Control Objectives
* '''Build and Maintain a Secure Network'''
** 1. Install and maintain a firewall configuration to protect cardholder data
** 2. Do not use vendor-supplied defaults for system passwords and other security parameters
* '''Protect Cardholder Data'''
** 3. Protect stored cardholder data
** 4. Encrypt transmission of cardholder data across open, public networks
* '''Maintain a Vulnerability Management Program'''
** 5. Use and regularly update anti-virus software on all systems commonly affected by malware
** 6. Develop and maintain secure systems and applications
* '''Implement Strong Access Control Measures'''
** 7. Restrict access to cardholder data by business need-to-know
** 8. Assign a unique ID to each person with computer access
** 9. Restrict physical access to cardholder data
* '''Regularly Monitor and Test Networks'''
** 10. Track and monitor all access to network resources and cardholder data
** 11. Regularly test security systems and processes
* '''Maintain an Information Security Policy'''
** 12. Maintain a policy that addresses information security
=== ENISA ===
The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market.
As part of ENISA's work they have developed:
http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-information-assurance-framework
=== OWASP ===
The Open Web Application Security Project (OWASP) is an online community dedicated to web application security. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely available articles, methodologies, documentation, tools, and technologies. The OWASP Foundation is a 501(c)(3) charitable organization that supports and manages OWASP projects and infrastructure. It has also been a registered non-profit in Europe since June 2011. http://en.wikipedia.org/wiki/OWASP
One of the projects delivered by OWASP is the Top 10 Project. https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
=== W3C XHTML Compliance ===
The whole of bxp uses XHTML 1.0 as the document standard. For this reason, we validate against the W3C XHTML 1.0 standard.
=== WAI Accessibility Compliance ===
''The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.'' Tim Berners-Lee, W3C Director and inventor of the World Wide Web
=== TIA-942 ===
The Telecommunications Industry Association (TIA) publishes TIA-942, the Telecommunications Infrastructure Standard for Data Centers. http://en.wikipedia.org/wiki/Data_center
There are four tiers of Data Centre within the standard:
 
* Tier 1 – basic data center, no redundancy
* Tier 2 – redundant components, single distribution path with redundant components
Although not certified to this standard, AWS can deliver to Tier 4. For more information please review this service.
=== COBIT ===
http://en.wikipedia.org/wiki/COBIT
=== ITIL ===  
http://en.wikipedia.org/wiki/Information_Technology_Infrastructure_Library
===G Cloud===
The UK Government G-Cloud is an initiative targeted at easing procurement by public-sector bodies in departments of the United Kingdom Government of commodity information technology services that use cloud computing.
 
 
All n One is G Cloud Compliant
 
 
 
===HR policies===
[http://www.peninsulagrouplimited.com/ie/ http://www.peninsulagrouplimited.com/ie/]
 
 
All n One work with Peninsula on the creation of HR policies within the business.
 
 
Proof of Peninsula Business Services involvement within All n One can be found at [http://www.bxpsoftware.com/wixi/index.php?title=HR_Policies http://www.bxpsoftware.com/wixi/index.php?title=HR_Policies]
== Physical Infrastructure ==
For more information on the physical hosting of bxp see [[Bxp_software_in_AWS_Cloud_Services]].
All n One manage all client data from a single centralised location: 48 / 49 Western Parkway Business Park, Lower Ballymount Road, Dublin 12, D12 DK49. This site operates a number of security processes and procedures to ensure operational security. See [[Bxp_-_Ballymount_Security]].
== Human Resource Procedures ==
=== SOX 404, SAS-70 and ISAE 3402 ===
All n One has not sought a SAS-70 to date but can deliver one where a Patron requires it.
All n One has begun investigating the possibilities of implementing a process to produce ISAE 3402 reports. This is a current venture for All n One.
[[Category:Topic:Security]]
[[Category:Topic:Start Here]]