We at STC have established a well-defined security management system to ensure security for our clients. We are fully compliant with the guidelines and principles defined in ISO-17799. Each of our projects complies with our client's security requirements. We apply formal Security Procedures, which are reviewed periodically by management and updated.
INTELLECTUAL PROPERTY AND CLIENT CONFIDENTIALITY
STC provides core services to several customers and therefore appreciates the importance of intellectual property protection. We have a contract with our customers for a comprehensive non-disclosure agreement (NDA) and mutual protection of intellectual property rights. This contract is usually entered into during the signing of the service agreement.
This would typically contain clauses pertaining to:
Definition of Confidential Information
Restrictions on use
Breach and consequences thereupon
Other miscellaneous provisions like ownership, applicability, jurisdiction, etc.
Every employee working for STC and assigned to a project signs a Non-Disclosure Agreement (NDA), and this is submitted to the client before he/she starts project-related work. Usually the NDA is in the format of the client organization.
Confidentiality of information: This is to ensure that client-specific information gained during the course of employment or from executing a customer’s contract is not divulged.
Ownership of developed intellectual property: This ensures that any developments made on the job are owned by the company or contract that the employee is working on.
BEST PRACTICES FROM STC
Network Security:
24x7 security system
Access cards are issued to all employees, with restricted access for each employee.
Visitors are provided with separate access cards and are restricted beyond specific access points
Rigorous administration and monitoring
Continuous monitoring system for the employees and work environment
Data and Information Security:
An automated data backup system is installed that improves and expands data availability and reliability.
A well-defined access control policy is in place to prevent unauthorized access to important files and directories.
Password and antivirus protection for servers and desktops
Password management, authentication and event logging policies are in place to prevent internal abuses and external intrusions by controlling access to network and application resources.
All mail and Web servers are located in an independent area.
Network Security:
Data security firewalls and VLANs are installed to prevent unauthorized access to the network.
A separate VLAN / VPN is allotted to each client for work run offsite.
Only client-authorized personnel are allowed to access the VPN, to prevent others from accessing the project information.
24 x 7 monitoring system for running applications that access the network.
24 x 7 monitoring system for selected/all network packets as well as selected network events.