Compliance and Information Security
Knowcraft’s commitment to information security is evident through their ISO/IEC 27001 certification, which provides a secure, stable, and scalable IT environment to meet client business requirements, with a comprehensive data security program ensuring confidentiality, integrity, and availability. Let’s delve into some of the security measures they have in place:
Physical and Environmental Security:
- Access Control: RFID/FRS entry/exit systems for employees and authorized visitors.
- Critical Areas: Restricted access to server rooms.
- Server Room: 24×7 temperature-controlled, housing servers, switches, firewalls, and surveillance systems with UPS support.
- Network: Gigabit LAN with structured cabling on the production floor.
- Surveillance: Office-wide CCTV and fire safety systems.
Logical Access Control:
- User Authentication: Primary and additional domain controllers with strict password policies.
- System Security: Auto-locking computers, NTFS permissions, and Group Policy Objects (GPO) applied on a need-to-know basis.
- Device Restrictions: USB ports, optical drives, Bluetooth, and Wi-Fi are restricted. Email access is controlled per client requirements.
Information Security:
Key attributes include:
- Confidentiality: Protection from unauthorized disclosure.
- Integrity: Safeguarding accuracy and completeness.
- Availability: Ensuring timely access for authorized users.
Training and Awareness:
- IT Induction: During IT induction at Knowcraft Analytics, every new employee receives a comprehensive overview of the organization’s basic IT practices and cyber security framework.
- Confidentiality Agreements: Signed by all staff.
- Cybersecurity Awareness: Periodic newsletters, posters, screen savers, and annual training sessions with quizzes.
Secure Working Environment:
- Clear Desk/Clear Screen Policy: Ensures sensitive materials are secured and systems are auto-locked when not in use.
- Gateway Security: Industry-standard hardware unified threat management (UTM) appliances deployed as a high-availability (HA) cluster for network security.
- VPN Security: Industry-standard SSL VPN client for work-from-home users.
- Endpoint Protection: Comprehensive endpoint security including antivirus, network threat protection, and disk encryption.
- Patch Management: Regular updates for servers, endpoints, and network devices.
- Backup and Recovery: Onsite and cloud backups of critical data, with procedures for restoring that data.
- Business Continuity and Disaster Recovery: Cloud-based DR site and an annual DR drill for business continuity purposes.
- External Audits: Annual third-party security audits and penetration tests.
- Employee Verification and Training: Background checks and regular information security training with assessments.