Last Reviewed : 12 June 2018

 Any capitalised term not defined in this Security Policy shall have the meaning given to it in the Agreement.

C2M may update or modify this security policy from time to time provided that such updates and modifications do not result in a material degradation of the security of the Services.

1. Data Centre and Network Security

A. Data Centres Infrastructure

C2M maintains geographically distributed data centres. C2M stores all production data in physically secure data centres.

Redundancy
Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Services are designed to allow C2M to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications. Preventative and corrective maintenance of the data centre equipment is scheduled through a standard change process according to documented procedures.

Power
The data centre electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, and 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data centre. Backup power is provided by various mechanisms such as uninterruptible power supplies (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data centre, at full capacity, for up to 10 minutes until the diesel generator systems take over. The diesel generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data centre at full capacity typically for a period of days.

Server Operating Systems
C2M servers use Microsoft and Linux based implementation customized for the Hosted Services environment.

Businesses Continuity
C2M replicates data over multiple systems to help to protect against accidental destruction or loss. C2M has designed and regularly plans and tests its business continuity planning/disaster recovery programs.

Networks & Transmission
Data Transmission: Data centres are typically connected via high-speed private links to provide secure and fast data transfer between data centres. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. C2M transfers data via encrypted Internet standard protocols.

External Attack Surface
C2M employs multiple layers of network devices and intrusion detection to protect its external attack surface. C2M considers potential attack vectors and incorporates appropriate purpose built technologies into external facing systems.

Intrusion Detection
Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. C2M intrusion detection involves:
• Tightly controlling the size and make-up of C2M’s attack surface through preventative measures;
• Employing intelligent detection controls at data entry points; and
• Employing technologies that automatically remedy certain dangerous situations.

Incident Response
C2M monitors a variety of communication channels for security incidents, and C2M’s security personnel will react promptly to known incidents.

Encryption Technologies
C2M makes HTTPS encryption (also referred to as SSL or TLS connection) available.

2. Access and Site Controls

A. Site Controls.

On-site Data Centre Security Operation
C2M’s data centres maintain an on-site security operation responsible for all physical data centre security functions 24 hours a day, 7 days a week. The on-site security operation personnel monitor Closed Circuit TV (CCTV) cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data centre regularly.

Data Centre Access Procedures
C2M maintains formal access procedures for allowing physical access to the data centres. The data centres are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data centre are required to identify themselves as well as show proof of identity to on-site security operations. Only authorized employees, contractors and visitors are allowed entry to the data centres. Only authorized employees and contractors are permitted to request electronic card key access to these facilities. Data centre electronic card key access requests must be made through e-mail, and requires the approval of the requestor’s manager and the data centre director. All other entrants requiring temporary data centre access must: (i) obtain approval in advance from the data centre managers for the specific data centre and internal areas they wish to visit; (ii) sign in at on-site security operations;and (iii) reference an approved data centre access record identifying the individual as approved.

On-site Data Centre Security Devices
C2M’s data centres employ an electronic card key and biometric access control system that are linked to a system alarm. The access control system monitors and records each individual’s electronic card key and when they access perimeter doors, shipping and receiving, and other critical areas. Unauthorised activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorised access throughout the business operations and data centres is restricted based on zones and the individual’s job responsibilities. The fire doors at the data centres are alarmed. CCTV cameras are in operation both inside and outside the data centres. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data centre building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and control equipment. Secure cables throughout the data centres connect the CCTV equipment. Cameras record on site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for up to 90 days based on activity.

B. Access Control

Infrastructure Security Personnel
C2M has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. C2M’s infrastructure security personnel are responsible for the ongoing monitoring of C2M’s security infrastructure, the review of the Services, and for responding to security incidents.

Access Control and Privilege Management
Customer’s administrators and end users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Services. Each application checks credentials in order to allow the display of data to an authorised end user or authorized administrator.

Internal Data Access Processes and Policies
C2M’s internal data access processes and policies are designed to prevent unauthorised persons and/or systems from gaining access to systems used to process Personal Data. C2M aims to design its systems to: (a) only allow authorised persons to access data they are authorised to access; and (b) ensure that Personal Data cannot be read, copied, altered or removed without authorisation during processing, use and after recording. The systems are designed to detect any inappropriate access. C2M employs a centralised access management system to control personnel access to production servers, and only provides access to a limited number of authorised personnel.

LDAP, Kerberos and a proprietary system utilizing RSA keys are designed to provide C2M with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. C2M requires the use of unique user IDs, strong passwords; two factor authentication and carefully monitored access lists to minimise the potential for unauthorised account use. The granting or modification of access rights is based on: the authorised personnel’s job responsibilities; job duty requirements necessary to perform authorised tasks; a need to know basis; and must be in accordance with C2M’s internal data access policies and training.

Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include password expiry, restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g. credit card data), C2M uses hardware tokens.

3. Data

A. Data Storage, Isolation and Authentication

C2M stores data in a multi-tenant environment on C2M-owned servers. Data, the Services database and file system architecture are replicated between multiple geographically dispersed data centres. C2M logically isolates data on a per Customer basis at the application layer. C2M logically separates Customer’s data, including data from different end users, from each other, and data for an authenticated end user will not be displayed to another end user (unless the former end user or administrator allows the data to be shared). A central authentication system is used across all Services to increase uniform security of data.

The Customer will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable Customer to determine the product sharing settings applicable to end users for specific purposes. Customer may choose to make use of certain logging capability that C2M may make available via the Services, products and APIs. C2M agrees that changes to the APIs will not result in the material degradation of the security of the Services.

All data is stored encrypted at all times on servers and backup systems.

B. Decommissioned Disks and Disk Erase Policy

Certain disks containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned. Decommissioned disks are subject to a series of data destruction processes before leaving C2M’s premises either for reuse or destruction. Decommissioned disks are erased in a multi-step process and verified complete by at least two independent validators. The erase results are logged by the decommissioned disk’s serial number for tracking. Finally, the erased decommissioned disk is released to inventory for reuse and redeployment. If, due to hardware failure, the decommissioned disk cannot be erased, it is securely stored until it can be destroyed. Each facility is audited regularly to monitor compliance with the aforesaid.

4. Personnel Security

C2M personnel are required to conduct themselves in a manner consistent with the Company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. C2M conducts reasonably appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local employment law and statutory regulations.

Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, C2M’s confidentiality and privacy policies. Personnel are provided with security training. Personnel handling customer data are required to complete additional requirements appropriate to their role (e.g. certifications). C2M’s personnel will not process Customer Data without authorisation.

5. Sub-processor Security

C2M conducts an audit of the security and privacy practices of Sub-processors to ensure Sub-processors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once C2M has assessed the risks presented by the Sub-processor, then subject always to the requirements set out in the DPA, the Sub-processor is required to enter into appropriate security, confidentiality and privacy contract terms.