Why choose LiveCRM?
LiveCRM has now implemented the DSS (Data Security Standards) and the SAS 70 II in its Data Center.
What is the DSS?
The DSS is a set of rules and organizational procedures that aim to increase security inside data centers and avoid the risk of data loss.
These rules are validated and encouraged through special programs by some of the most important credit card companies in the world, such as Visa, MasterCard, American Express and JCB, and are intended to:
• build and maintain a secure network;
• protect customer data stored inside the server;
• maintain a vulnerability management programme;
• implement tight measures for access control;
• monitor and regularly test the network infrastructure;
• maintain a policy of information protection.
What, in detail, are the rules imposed by the DSS?
1. Install and maintain a firewall infrastructure to protect customer data;
2. Do not use default system passwords and other pre-defined security parameters;
3. Protect customer data;
4. Encrypt the transmission of customer data on public networks;
5. Use and regularly update antivirus software;
6. Develop and ensure the maintenance of a security system and relevant applications;
7. Assign a unique ID to all of those who have access to a computer;
8. Restrict physical access to customer data;
9. Identify and monitor all access to network resources and customer data;
10. Regularly test systems and relevant processes for protection;
11. Maintain a policy that addresses information protection for employees and management.
Why choose a SaaS provider that adopts these rules?
There are many advantages to implementing the "DSS" procedures. The most important are:
1. the growing confidence of Customers, thanks to the improved level of data protection;
2. greater protection against data loss and against the related costs of any corrective action made necessary by security violations;
3. the benchmarking and evaluation of protection mechanisms for systems that store, process and/or transmit customer data.
What certifications are out there?
There are three types of certification:
1. Self Assessment Questionnaire (SAQ): a detailed security check;
2. Network Scan: a network monitoring check which includes a simulated attack, carried out by a security officer (Approved Scanning Vendors);
3. On-Site Security Audit: an on-site check carried out by an accredited security engineer (Qualified Security Assessors).
Certification must be renewed at regular intervals as specified below:
1. Network Scan: 4 times per year
2. On-Site Security Audit: every year
3. Self Assessment Questionnaire: every year
For any further questions please contact us by filling out the form below.
To contact our Security Team write us