Keeping Data Secure
Infrastructure Security
The BORN Information System (BIS) is built on a combination of physical and virtualized servers. Virtualization plays a major role for all system-critical components, and the architectural cornerstone that enables the high availability of the BIS is the use of clustering together with virtualization technologies. Antivirus and antimalware protection is installed and configured on all virtual machines in accordance with the BORN information security policies.
Firewalls separate and control traffic to all BORN environments (external/dmz/internal) through a variety of IP and port rules as required for the application to function.
Redundant firewalls are deployed at the outer edge of the DMZ and at the outer edge of the internal network, so that no firewall is a single point of failure for the application.
Physical Security
The BORN Information System is housed on secure servers in a Data Centre that is managed by the Hosting Service Provider. Only authorized personnel are allowed access.
Hosting Service Provider data centres are located in nondescript buildings that are physically constructed, managed, and monitored 24 hours a day to protect data and services from unauthorized access as well as environmental threats.
Hosting Service Provider data centres all receive SSAE16/ISAE 3402 attestation and are ISO 27001 certified. Access to the Data Centre is controlled as follows:
- Data centre entrances are guarded 24x7x365 by security personnel.
- Access to all Hosting Service Provider buildings is controlled, and entry into data centres is restricted to those with an authorized ID badge (swiped at a card reader) or biometric credentials.
- Front desk personnel are required to positively identify Full-Time Employees (FTEs) or authorized Contractors without ID cards.
- Staff must wear identity badges at all times, and are required to challenge or report individuals without badges.
- All guests are required to wear guest badges and be escorted by authorized Hosting Service Provider personnel.
- Employees and contractors must have a business need to enter a Hosting Service Provider data centre and must have received prior approval.
- Doors between areas of differing security levels require authorized badge access, are monitored through logs and cameras, and are audited on a regular basis.
Accessing the BIS
End users access the BORN application through a web browser, and all communication is encrypted in transit using HTTPS. BIS website traffic is protected by a TLS (SSL) certificate with a 2048-bit key.
BORN maintains system integrity through appropriate password creation, security, and administration practices. Multi-Factor Authentication (MFA) is required for all BORN Information System users.
Data Security
HTTPS protects traffic in transit, and service authentication controls are in place. All activity in the BIS is continually logged and subject to regular audits.
The BIS uses role-based access controls to ensure that users have access only to the data they are entitled to.
Security Policies
BORN has developed a comprehensive Privacy & Security Policy Manual. The manual includes a comprehensive requirement definition for information security, and it defines the information security safeguards, roles, and responsibilities for BORN.