Security
1 MinimaRisk operational security concept and layout
MinimaRisk customers enjoy state-of-the-art infrastructure that ensures high levels of protection and availability of data. At MinimaRisk, we know security and data protection are critical to you and that you trust us with your data and the operation of your risk management cockpit. This is why we employ multiple layers of security and reliability measures. This is also why MinimaRisk runs entirely on the leading high-end technology E-Commerce infrastructure provided exclusively by Amazon Web Services (AWS).
Your data and applications are secured and protected through multiple layers:
1.1 Certifications and accreditations
MinimaRisk staff and management are certified in COBIT 4.1, ISO 20000 Consultant, ISO 27001 Lead Auditor, and ITIL Service Manager V2 and V3; all this knowledge is blended into our daily operations.
MinimaRisk also relies on AWS best practices. AWS assures continued Sarbanes-Oxley (SOX) compliance and attains certifications such as the recurring Statement on Auditing Standards No. 70: Service Organizations, Type II (SAS70 Type II) certification. These certifications provide outside affirmation that AWS has established adequate internal controls and that those controls are operating efficiently. AWS's continued efforts to obtain the strictest of industry certifications in order to verify its commitment to provide a secure, world-class cloud computing environment were the key motivation for MinimaRisk to migrate the infrastructure to AWS.
1.2 Physical layer
The MinimaRisk software solution is hosted on the Amazon Web Services platform. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military-grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
1.3 Network layer
The MinimaRisk online software solution is protected by top-of-the-line firewalls from industry-leading vendors. AWS employs security measures that go beyond what the industry deems satisfactory.
1.4 Internal Systems Security
Various security measures are employed and enforced inside the perimeter firewalls. MinimaRisk is based on the AWS complete firewall solution; this mandatory inbound firewall is configured in a default-deny mode, and the Amazon EC2 customer must explicitly open any ports to allow inbound traffic. The traffic may be restricted by protocol, by service port, and by source IP address (individual IP or CIDR block).
However, the exact nature of these measures is kept confidential by MinimaRisk and AWS.
1.5 Operating System Security
All operating systems are kept current with all the patches recommended by their vendors. All unnecessary users, protocols, and ports are disabled and monitored.
1.6 Data Security
All data maintained in your MinimaRisk account belong solely to you. Our employees do not have direct access to production equipment, except where necessary for system management, maintenance, monitoring, and backups. We do not outsource data management to service providers. Only qualified MinimaRisk employees are allowed to access database servers, and only when their access is absolutely necessary. Our technical support engineers and risk consultants only log into your account when you specifically authorize them to do so, and only to resolve problems or issues reported by you.
1.7 Reliability and Backup
The AWS infrastructure is clustered: if there is a hardware failure of any sort, other servers in the cluster automatically and immediately take over the work of the failed server. Data stored in AWS is redundantly stored in multiple physical locations as a normal part of those services and at no additional charge.
1.8 Data Encryption
When you log into your MinimaRisk account you have a secure login which enables 100% data encryption.
1.9 Web Application Security
MinimaRisk tracks user access by IP address, so that a range of given IP addresses can be defined as a supplemental security and authentication measure.
Note: Use of the MinimaRisk Online service is subject to the MinimaRisk Online Terms of Service. MinimaRisk may change its security infrastructure and practices from time to time.
2 Further documents regarding the security of MinimaRisk
2.1 Amazon Web Services: Overview of Security Processes September 2008
MinimaRisk runs entirely on Amazon Web Services (AWS). AWS delivers a highly scalable cloud computing platform with high availability and dependability, and the flexibility to enable customers to build a wide range of applications. The issues of end-to-end security and end-to-end privacy within the cloud computing world are more sophisticated than within a single data center not facing the Internet. Ensuring the confidentiality, integrity, and availability of customers' systems and data is of the utmost importance to MinimaRisk and our partner AWS.
2.2 Amazon Web Services availability
Amazon Web Services publishes the most up-to-the-minute information on service availability under this URL. You are invited to check back at any time to get current status information, or subscribe directly to the appropriate RSS feed so that you can be notified of interruptions to each individual service. If you are experiencing a real-time operational issue with MinimaRisk, please inform us by submitting a service issue report email (see MinimaRisk Online help under Support).
If you have any questions or would like additional information, please contact us.
If you are seeking information about enterprise risk management and related risk services, please visit www.minimarisk.com.









