Data Security Guide v2


SLAs

Service Level Agreements will govern the level of hardware, software and network uptime from your providers. Ask for reports that show your prospective partners have a history of supporting the service levels that you need.

SSAE Audits

The Statement on Standards for Attestation Engagements (SSAE) Service Organization Control (SOC) audit documents the specific controls implemented by a service organization. A third-party auditor performs the assessment. Transportation Insight conducts a SOC 1 Type 2 Report, which describes the suitability of an organization’s controls to achieve the objectives throughout a specified period, usually a year.

BUSINESS CONTINUITY

Check how the data center is designed to withstand weather events and disruptions, and how much redundancy is built into the system. Off-site redundancies can ensure service continues without delay. In case of a data loss, understand what your needs are for a recovery point objective (RPO) and recovery time objective (RTO). In other words, how far back should your data recovery extend, and how quickly do you need to be back in operation?

MULTILAYER DEFENSES

Data security requires multiple layers of defenses to safeguard personally identifiable information (PII) and proprietary business data. Software and hardware measures, along with physical intrusion barriers, are necessary. Those defenses should be subjected to regular intrusion testing, including social engineering attempts. Unfortunately, employees are often the weak link in attacks as they try to be responsive to inquiries. Training for employees should be a vital part of a cybersecurity strategy.

EMERGING TECHNOLOGIES

A plan to handle emerging technologies and potential threats is critical. For example, Single Sign-On capabilities are being widely adopted to streamline employee and partner access. However, that reduces the barriers to system intrusions. New technologies such as blockchain and IoT devices must be accounted for in data security and business continuity planning.

DATA INSURANCE

Finally, look for a partner with the corporate stature to hold appropriate insurance to mitigate the impact of a breach or loss of business.
