Security and Services: View Critical Documents online.
Confidentiality and security are the foundation to DMC services. DMC has developed and implemented rigorous document handling procedures in order to protect your records from the time they leave your desktop until posted on the secure area at your website.
Engineered as a "cyber-vault", the secured website protects your documents with the latest security technology including: secure scanning center and communications line to hosting site, 128 bit encryption, firewall protection and user passwords.
Your business is about managing the customers' information. Our business is about making that information web accessible. Gain control of the information when you need it and how you need it with DMC's web services.
* Present documents Online
* Provide e-Payment for Online Customers
* Archive and retrieve documents electronically
* Retrieve documents from multiple systems with one query
* Meet compliance for e-mail storage and access
* Scan paper documents for web access
* Invoices, statements, reports, checks and ancillary data
* Print in all formats including ASCII, EBSCDIC, AFP, Metacode and PDF
When you outsource your document web-based archival and retrieval solution to us, you can be sure you'll receive:
* World-class computer hosting facilities
* Secure data environment
* 24 x 7 support
* Instant access to years of data stored Online
* A branded Online solution that can be personalized for each of your customers
* Print stream processing
* E-mail, fax and Web delivery options.
DMC is a SAS 70 certified corporate communications company.
Hosted Services Security Policy
1. Policy statement
"It shall be the responsibility of the Data Management Center to provide adequate protection and confidentiality of all client data, materials and proprietary software systems, whether held centrally, on local storage media, or remotely, to ensure the continued salability of data and programs to all authorized client users, and to ensure the integrity of all data and configuration controls."
We have an established alliance to provide bi-directional dual-site disaster recovery. This relationship provides for print, image and ml services for priority accounts. Processing will be completed at the Chicago area Data Management Center (DMC & RPS). This site is on line with all DMC Print Centers in CA, IL, KY, NC, and MA. With national distribution, labor disputes and difficulties are significantly reduced.
An active and documented business continuity plan will be completed as part of the program implementations.
Customer would be notified if downtime would affect program requirements. If required dual-site recovery procedures would be implemented.
A. The first requirement is restoration of backup files and verification of the process. This will be completed from our off-site data backup server.
B. The second requirement is confirming the program integrity. This would entail confirming that all programs for processing the data have been updated with the latest modifications.
C. Then we would process, print and complete the program requirements and confirm completion with the Customer per our flow chart process as defined herein.
D. The personnel normally used to process your requirements would monitor the offsite recovery process.
Summary of Security Policies.
1.1. Confidentiality of all client data is to be maintained through discretionary and mandatory access controls.
1.2. Remote access by Data Management Center personnel is restricted to authorized personnel only.
1.3. Only authorized and licensed software may be installed on Data Management Center servers, and installation may only be performed by Data Management Center staff.
1.4. All tapes and other removable media from external sources must be virus checked before they are used within the data center.
1.5. Data Management Center passwords must consist of a mixture of at least 6 alphanumeric characters.
1.6. To prevent the loss of availability of Data Management Center/SS’s data center resources measures must be taken to backup data, applications and the configurations of all data center servers and workstations.
2. Virus Protection
2.1. Data Management Center will have available up to date virus scanning software for the scanning and removal of suspected viruses.
2.2. Data Management Center file-servers will be protected with virus scanning software.
2.3. Workstations used by Data Management Center employees who regularly need to bring in data from outside the Company will be protected by virus scanning software.
2.4. All workstations and servers will be periodically scanned by Data Management Center personnel.
2.5. All systems will be built from original, clean master copies whose write protection has always been in place. Only original master copies will be used until virus scanning has taken place.
2.6. To enable data to be recovered in the event of a virus outbreak, regular backups will be made by Data Management Center.
2.7. Employees will be kept informed of current procedures and policies.
2.8. Anti-virus policies and procedures will be reviewed regularly.
2.9. In the event of a possible virus infection the user must inform Data Management Center Operations Manager immediately. Data Management Center will then scan the infected machine and any media or other computers to which the virus may have spread and eradicate it.
3. Physical Security of Client Data
Physical Security of computer equipment will comply with the guidelines as detailed below.
3. Data Center
3.1. Servers, telecom devices, and related hosting hardware shall be housed in a secure data center.
3.2. The data center should contain an adequate r conditioning system to provide a stable operating environment to reduce the risk of system crashes due to component failure.
3.3. No water, rain water or drainage pipes should run within or above the computer cage area to reduce the risk of flooding.
3.4. Access to the computer cage area is restricted to Data Management Center staff and I.T. data center authorized personnel (and only upon approval from Data Management Center).
3.5. All contractors working within the data center are to be supervised at all times and Data Management Center/SS is to be notified of their presence and provided with details of all work to be carried out, at least 48 hours in advance of its commencement.
4. Access Control
4.1. Users will only be given sufficient rights to all systems to enable them to perform their job function. User rights will be kept to a minimum at all times.
4.2. Access to the network/servers and systems will be by individual username and password.
4.3. Usernames and passwords must not be shared by users.
4.4. Usernames and passwords should not be written down.
4.5. When an individual leaves Data Management Center employment, Operations will immediately remove the employee’s rights to all systems.
4.6. Auditing will be implemented on all systems to record login attempts/failures’, successful logins.
4.7. Users requiring access outside normal working hours must notify the Operations Manager in advance, and remote access is only allowed using a VPN connection.
4.8. File systems will have the maximum security implemented that is possible.
5. Physical LAN Security
Hubs and Switches
5.1. LAN equipment, routers, firewalls, switches, will be kept in the secure data center. Cages will be kept locked at all times. Access to cages will be restricted to Data Management Center staff only.I.T.staff and contractors requiring access to hub rooms will notify Data Management Center/SS staff in advance so that the necessary supervision can be arranged.
Operations Monitoring Workstations
5.2. Users must logout of their workstations when they leave their workstation for any length of time.
Wiring
5.3. All network wiring will be fully documented.
5.4. Redundant cabling schemes will be used where possible.
Monitoring Software
5.5. The use of LAN analyzer software is restricted to Data Management Center operations staff only.
5.6. LAN analyzers will be securely locked up when not in use.
Servers
5.7. All servers will be kept securely under lock and key.
5.8. Access to the system console and server disk/tape drives will be restricted to authorized I.T. Services staff only.
Electrical Security
5.9. All servers will be protected by the data center’s UPS systems that also condition the power supply.
5.10. All switches, routers, firewalls and other critical network equipment will also be protected by the data center’s UPS systems.
5.11. In the event of a main power failure, the data center’s UPS system will have sufficient power to keep the network and servers running until the backup system take over.
6. Encryption
6.1. Client user passwords will be stored within Data Management Center Security Application in an encrypted format.
6.2. Any transmission of data from Data Management Center servers to the end user via the public Internet will be encrypted: at the least, using 128-bit SSL (HTTPS), and when possible, using a secure VPN tunnel between locations.
7. Wide Area Network Security*
7.1. The HTTPS protocol will be utilized when end users interact with CLIENT eBill Document Services servers over the public Internet.
7.2. Where leased lines are used, the associated channel service units will be locked up to prevent access to their monitoring ports.
7.3. Unnecessary protocols will be removed from routers.
7.4. Modems will only be used where necessary. In normal circumstances all communications should pass through the Company’s router and firewall.
* 24x7x365 Advanced Hosting Hotline A staff of Certified Microsoft, Macromedia, and Cisco Professionals
* 100% Network Uptime Guarantee
* Enhanced Security via HIP Security Appliance through a strategic partnership with Internet Security Systems, Inc.(ISS)
* 3 Geographically Diverse Tier 1 Data Centers, with Carrier Neutrality via 8 Tier 1 network providers
* Microsoft Gold Certified Hosting Provider, Adobe Solutions Provider
8. TCP/IP & Internet Security
8.1. Permanent connections to the Internet will be via the means of a firewall to regulate network traffic.
8.2. Where firewalls are used, a dual homed firewall (a device with more than one TCP/IP address) will be the preferred solution.
8.3. Network equipment will be configured to close inactive sessions.
9. Data Center Access
9.1 Only pre-approved Data Management Center employees are allowed in the data center.
9.2. Visitors and contractors are allowed in the data center only upon prior notification to I.T. by an authorized Data Management Center employee.
9.3. Data Management Center staff and visitors must sign in at the first floor lobby of the data center.
9.4. Any boxes and shipping containers will be inspected by I.T. security personnel prior to being allowed into the data center.
9.5. Data Management Center/SS staff and visitors must sign out before leaving the cage area and data center.
Business Continuity Plan
This is a plan to ensure that the essential business functions of DATA MANAGEMENT CENTER/S are able to continue (or re-start) in the event of unforeseen circumstances, normally a disaster of some sort.
Critical areas of business identified:
DATA MANAGEMENT CENTER selected I.T.’s data center in Schaumburg as its host for all CLIENT eBill Document Services online customers.
The I.T. e-business Hosting Center in Schaumburg provides:
• Redundant, reliable network with no single point of failure
• Redundant, expandable, and burstable high-speed Internet connectivity utilizing multiple Tier 1 Internet Service Providers (AT&T, UUNet, Qwest, Sprint).
• 24x7x365 Infrastructure Management including on-line monitoring technicians, network and system monitoring, automatic timed URL checking and account supervisor monitoring.
• Redundant power supplies, system-wide Uninterruptible Power Supplies.
DATA MANAGEMENT CENTER data and backup will be in CA, IL, KY, NC, or MA.
• Complete remote backup site in the event of catastrophic data center failure.
• Multiple backups and off-site storage of all data files, security databases, application settings, and system configurations.
• Redundant and expandable high-speed Internet/Intranet connectivity utilizing multiple Tier 1 Internet Service Providers (SBC, Covad).
DATA MANAGEMENT CENTER internal infrastructure:
Upon invoking this Business Continuity Plan, management of DATA MANAGEMENT CENTER internal infrastructure can be switched to the I.T. e-business Hosting Center or the reverse. All DATA MANAGEMENT CENTER shared hosted clients are operated on a mirrored system that is managed at the DATA MANAGEMENT CENTER facility in Schaumburg, IL. These sites can be switched and managed from each location
In the event that I.T. facility causes the BCP to be invoked, all clients will be officially informed (written and verbal) about the Business Continuity Plan invoking and how they can access their hosted mirror site(s) and when their data will be processed from the remote site.
DATA MANAGEMENT CENTER telephone system
In the event of a disaster, all DATA MANAGEMENT CENTER critical personnel have DATA MANAGEMENT CENTER managed cell phones. These cell phones are connected to the monitoring capabilities of the DATA MANAGEMENT CENTER hosted sites.
All DATA MANAGEMENT CENTER Critical Personnel are available 24/7 in the event of this Business Continuity Plan being invoked.
What constitutes the invoking of DATA MANAGEMENT CENTER Business Continuity Plan?
The following table provides the criteria, expectations and escalation of responsibility for the Production Incident Resolution Severity Guide: After two (2) level 1 critical impacts in the same period, DATA MANAGEMENT CENTER could invoke its BCP.
