Sunknowledge Services Inc. provides 100% HIPAA-HITECH compliant operations.
The measures listed below are adopted to ensure compliance with the demands of these data privacy and security standards.
1. PHYSICAL ACCESS
a) Controlled access restricted by biometric and proximity card systems
b) All employees are issued photo ID cards which they are required to wear at all times when they are within the facility premises
c) Regular review and periodic audits of access logs to check for unauthorized entry attempts
d) Access is granted on a least-privilege principle and configured on a per-employee basis
2. SECURITY PERSONNEL AND VISITOR LOGGING
a) Security personnel on 24-hour duty, posted at all entry and exit points of the facility
b) Logging of visitor details such as name, entry/exit time, contact person’s name, proof of ID, signature and reason for visit in a register kept for the purpose
c) The physical register is retained for a minimum of 10 years
3. CCTV SURVEILLANCE
a) CCTV monitoring, with recording, of all entry/exit points and inside the production floor
b) Random daily monitoring of stored recordings by the security team
c) Recordings are retained on the central DVR’s internal hard disk for 6 months and subsequently backed up to an external storage device
4. VENDOR ACCESS
a) Vendors are required to sign a confidentiality agreement before accessing sensitive areas such as the data/network center and the power supply control room
b) Vendors are always escorted by security personnel and supervised at all times, either by an employee or by security personnel
5. MOBILE PHONE USAGE
a) Only authorized managers are allowed to use mobile phones within the premises
b) All other employees are required to deposit their phones in the locker box before entering the facility
6. PERSONAL BAGGAGE
a) No backpacks or bags of any sort are allowed inside the facility
b) All bags are required to be kept in the locker boxes placed outside the production floor
7. NETWORK AND APPLICATION USAGE
a) A leading Directory Service is used to create unique user IDs for individual users
b) Access to storage devices is controlled using Domain Group Policy configured in a Windows-based system
c) Password policy enforces strict rotation frequency, complexity, length, history and account lockout requirements
d) User access to shared drives is controlled using group policies
e) Access to USB or other mass storage devices is blocked on workstations
f) Access to printers is allowed to authorized employees only
g) No wireless access points are installed within the facility premises
8. FIREWALL AND PERIMETER SECURITY
a) A Unified Threat Management (UTM) system is deployed to filter network traffic
b) Internet traffic regulated using content filter, URL filter and application filter systems
c) Port-mapping for traffic between Virtual LANs and from external networks
d) The firewall denies all traffic passing between the networks by default; only traffic explicitly permitted by port- and service-based rules is allowed
e) Network Address Translation (NAT) services are enabled to hide internal servers
f) Firewall logs are maintained for all traffic for 3 months and subsequently archived for 1 year
g) Intrusion Prevention System (IPS) functionality is provided by the UTM system’s firewall
h) IPS services are updated in real-time and licenses renewed annually
9. VPN (VIRTUAL PRIVATE NETWORK)
a) Site-to-site IPsec VPN tunnels are used to securely establish connections to client networks
b) Access to the internal network is restricted to authorized employees only, via client-to-site VPN connections
c) Authorized employees are authenticated using the directory system’s authentication service
d) Site-to-site VPN connections are locked down to the gateway IP addresses configured at both the facility’s and the client’s firewalls
10. REDUNDANCY MANAGEMENT
a) A fully redundant network stack is maintained
b) Two ISP links are configured in an active-active mode
c) Power backup is supplied by a 130 kVA UPS and a 750 kVA diesel-powered generator system
d) All server and network systems are backed up by a 22 kVA rack-mounted UPS system
11. VIRUS & MALWARE PROTECTION
a) A centralized anti-malware system is deployed to provide protection against viruses and other malware
b) Automatic updating of virus definitions and security patches
c) Extra protection from external malware attacks is provided by the gateway firewall
d) A centralized operating system patch management system, using an integrated server update service, ensures that critical updates and security patches are applied to all systems
12. OTHER SAFETY MEASURES
a) Fire extinguishers are placed at all key areas within the premises
b) Half-yearly fire drills are conducted to test the effectiveness of fire safety protocols