Appendix 1: Security Measures
As from the Terms Effective Date, Cloudmore will implement and maintain the Security Measures set out in this Appendix 1. Cloudmore may update or modify such Security Measures from time to time, provided that such updates and modifications do not result in the degradation of the overall security of the Processor Services.
Infrastructure. Cloudmore stores all production data in physically secure data centers.
Redundancy. Infrastructure systems have been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. Dual circuits, switches, networks or other necessary devices help provide this redundancy. The Processor Services are designed to allow Cloudmore to perform certain types of preventative and corrective maintenance without interruption. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer's or internal specifications. Preventative and corrective maintenance of the data center equipment is scheduled through a standard process according to documented procedures.
Power. The data center electrical power systems are designed to be redundant and maintainable without impact to continuous operations, 24 hours a day, and 7 days a week. In most cases, a primary as well as an alternate power source, each with equal capacity, is provided for critical infrastructure components in the data center. Backup power is provided by various mechanisms such as uninterruptible power supply (UPS) batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and out-of-tolerance frequency conditions. If utility power is interrupted, backup power is designed to provide transitory power to the data center, at full capacity, until the diesel generator systems take over. The diesel generators are capable of automatically starting up within seconds to provide enough emergency electrical power to run the data center at full capacity typically for a period of days.
Server Operating Systems. Cloudmore servers use hardened operating systems which are customized for the unique server needs of the business.
Businesses Continuity. Cloudmore maintains a regularly updated and tested continuity planning/disaster recovery programs.
Data Transmission. Data centers are typically connected via high-speed private links to provide secure and fast data transfer between data centers. This is designed to prevent data from being read, copied, altered or removed without authorization during electronic transfer or transport or while being recorded onto data storage media. Cloudmore transfers data via Internet standard protocols.
External Attack Surface. Cloudmore employs multiple layers of network devices to protect its external attack surface.
Incident Response. Cloudmore monitors a variety of communication channels for security incidents, and Cloudmore’s security personnel will react promptly to known incidents.
Encryption Technologies. Cloudmore makes use of encryption when possible.
On-site Data Center Security Operation. Cloudmore’s data centers maintain an on-site security operation responsible for all physical data center security functions 24 hours a day, 7 days a week. The on-site security operation personnel monitor Closed Circuit TV (“CCTV”) cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data center regularly.
Data Center Access Procedures. Cloudmore maintains formal access procedures for allowing physical access to the data centers. The data centers are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data center are required to identify themselves as well as show proof of identity to on-site security operations. Only authorized employees, contractors and visitors are allowed entry to the data centers. Only authorized employees and contractors are permitted to request electronic card key access to these facilities. Data center electronic card key access requests must be made in advance and in writing, and require the approval of the VP of Production. All other entrants requiring temporary data center access must: (i) obtain approval in advance from the VP of Production for the specific data center and internal areas they wish to visit..
On-site Data Center Security Devices. Cloudmore’s data centers employ an electronic card key and biometric access control system that is linked to a system alarm. The access control system monitors and records each individual’s electronic card key and when they access perimeter doors, shipping and receiving, and other critical areas. Unauthorized activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorized access throughout the business operations and data centers is restricted based on zones and the individual’s job responsibilities. The fire doors at the data centers are alarmed. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and control equipment. Cameras record on-site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for at least 7 days based on activity.
Infrastructure Security Personnel. Cloudmore has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. Cloudmore’s infrastructure security personnel are responsible for the ongoing monitoring of Cloudmore’s security infrastructure, the review of the Processor Services, and responding to security incidents.
Access Control and Privilege Management. Customer's administrators and users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services.
Internal Data Access Processes and Policies – Access Policy. Cloudmore’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Cloudmore aims to design its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. Cloudmore employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing SSH certificates are designed to provide Cloudmore with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Cloudmore requires the use of unique user IDs, strong passwords, and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Cloudmore’s internal data access policies and training. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g. login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength.
Cloudmore stores data in a multi-tenant environment on Cloudmore-owned servers. Data, the Processor Services database and file system architecture are replicated between multiple storage systems. Cloudmore logically isolates each customer's data. A central authentication system is used across all Processor Services to increase uniform security of data.
Certain Storage Media containing data may experience performance issues, errors or hardware failure that lead them to be decommissioned (“Decommissioned Storage Media”). Every Decommissioned Storage Media is subject to a series of data destruction processes (the “Data Destruction Guidelines”) before leaving Cloudmore’s premises either for reuse or destruction. Decommissioned Storage Media are erased in a multi-step process and verified complete by at least two independent validators. The erase results are logged by the Decommissioned Storage Media’s serial number for tracking. Finally, the erased Decommissioned Storage Media is released to inventory for reuse and redeployment. If, due to hardware failure, the Decommissioned Storage Media cannot be erased, it is securely stored until it can be destroyed. Each facility is audited regularly to monitor compliance with the Data Destruction Guidelines.
Cloudmore personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Cloudmore conducts reasonably appropriate backgrounds checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.
Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Cloudmore’s confidentiality and privacy policies. Personnel handling Customer Personal Data are required to complete additional requirements appropriate to their role. Cloudmore’s personnel will not process Customer Personal Data without authorization.
Before onboarding Subprocessors, Cloudmore conducts an audit of the security and privacy practices of Subprocessors to ensure Subprocessors provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Once Cloudmore has assessed the risks presented by the Subprocessor then, subject always to the requirements set out in Requirements for Subprocessor Engagement, the Subprocessor is required to enter into appropriate security, confidentiality and privacy contract terms.