Security Statement
OpsComm™ has created an industry-standard security infrastructure by assembling leading-edge technologies proven to be the most secure for each function. All firewalls and encryption devices are sourced from leading Internet security providers, configured by expert professionals, and tested rigorously before being placed into production.
Physical Security
OpsComm production equipment is located at RackForce. RackForce maintains 24-hour security at the location. All visits are logged against customer-defined access lists and all visitors are escorted. Access is via electronic key and the facility uses motion sensors, breach alarms and video surveillance. The RackForce data center is connected to two separate hydroelectric utility grids. In addition, the facility has standby diesel generators available to provide emergency power, and these are tested weekly.
Network Resilience
RackForce uses state-of-the-art networking equipment to route upstream and downstream traffic from its data center. Redundant BGP4 border routers connect the data center to three different backbone carriers via OC-12 and Gig fiber links for maximum network reliability and performance.
Perimeter Defense
A strong perimeter defense is essential to prevent unauthorized or inappropriate system access. OpsComm secures the perimeters of both production and corporate networks with multiple firewalls. Primary production firewalls are managed by in-house technicians who regularly monitor firewall logs.
Data Encryption
OpsComm leverages the strongest encryption currently supported by browsers, using a 1024-bit RSA public key and letting users access data with 128-bit encryption from their browsers. All versions of OpsComm use an SSL certificate signed by authentication leader Thawte and bearing the OpsComm domain name. This certificate, as well as the lock icon in the corner of the user's browser, assures customers that their data is fully protected while in transit.
User Authentication
OpsComm customer data can be accessed only with a valid username and password combination, which is encrypted via SSL for Internet transmission. Username and password verification is provided by a hardened authentication service that is maintained separately from the main application service. For further security, OpsComm does not store user passwords. Instead, all passwords are encrypted using a one-way hashing algorithm. The hashed value is compared with a previously calculated hash value stored in the OpsComm authentication database. Once an OpsComm session has been established, a randomized session ID cookie that does not contain username or password information is used to identify the user. 15 minutes of inactivity causes the session to time out, after which a new session must be established in order to access customer data. We strongly recommend that Users choose an alphanumeric logon name and password of at least eight characters that cannot be easily identified by any other party. OpsComm is not responsible for unauthorised access where a User makes other parties aware of their password or logon name, or, by selecting an obvious logon name or password, enables another party to guess these parameters and gain access to OpsComm.
Application Security
Similar to multiple ATM machines accessing a centralized banking system, OpsComm's robust application security model prevents one customer from gaining unauthorized access to another customer's data when accessing OpsComm's centralized database system. This security model is applied and enforced for all OpsComm customers and staff.
Internal Systems Security
Within perimeter firewalls, OpsComm systems are safeguarded by a variety of security features such as network address translation, port redirection, IP masquerading, non-routable IP addressing schemes, internal firewalls and other precautionary measures. Details regarding the implementation of these security features are proprietary.
Operating Systems Security
OpsComm Solutions enforces tight operating system–level security by using a minimal number of access points to all production servers and protecting all operating system accounts with strong passwords. Production servers do not share a master password database. All operating systems are maintained at each vendor's recommended patch levels for security. Multiple third-party security applications are used to ensure that each machine is secure before being placed into production. These applications are also checked at regular intervals to ensure that configurations have not been changed.
File Storage
OpsComm facilitates the storage of User files on OpsComm servers through the OpsComm application. OpsComm takes reasonable endeavours to ensure the security of these files but is not responsible in the event of unauthorised access to the OpsComm system. We therefore recommend that, where a User chooses to store files on the OpsComm servers and deems those files to be commercially sensitive, the User purchase from OpsComm the high security file encryption module available as part of the Enterprise version of the application. Where Users purchase the high security file encryption module, OpsComm implements file encryption at source and on the server using RSA technology.
Database Security
Database access is controlled at the operating-system and database-connection levels for additional security. Access to production databases is limited to a minimal number of points. As with production servers, production databases do not share a master password database.
Auditing
OpsComm has a robust auditing system. Our servers are monitored continually. Any potential problems are detected, isolated and resolved without delay. OpsComm staff is alerted immediately in the event of potential hardware issues, hacker attacks, power fluctuations or other potential difficulties.
Access by OpsComm Staff
There may be situations in which OpsComm staff members need to access customer data for administrative purposes. It is OpsComm's policy to grant this access on a need-to-know basis only, and to limit such access to a small number of people with individual passwords. When providing customer support, OpsComm staff will always ask for permission prior to accessing customer data. As part of the Licence agreement, OpsComm has rights to collect aggregated data from customer deployments. In such circumstances, task name, description and user name are not accessed, as these remain the property of the customer. We monitor performance by task type (category) and, where used, work effort to ascertain operational efficiency.
Reliability and Backup
OpsComm further enhances its reliability by storing all customer data on redundant disks. To protect against data loss due to catastrophic events, all customer data is backed up to tape on a nightly basis, up to the last committed transaction. To protect against a facility-wide disaster, tape backups are moved offsite to a third facility on a weekly basis.
NOTE: OpsComm does not protect individual customers against deletion of their data by properly authorized and authenticated users. For this reason, customers are expected to maintain duplicate copies of all data for backup purposes.