Data Security

The security of our customers' data is our number one priority. It is imperative that we are vigilant in our efforts to insulate sensitive customer data from both internal and external threats. The following policies have been set forth to ensure the level of protection our customers demand:

Customer Data
The data in our production environment is owned by each respective customer and is not normally accessible to DesignLinks employees. When necessary, an employee is granted access to the absolute minimum amount of data required to do one's job effectively or serve the customer. For support personnel, this is limited to basic account information excluding passwords. For sales and marketing personnel, basic summary data is available to gauge product acceptance and ensure licensing compliance for each of our customers. In no instances can individual application content, including database data, file and image uploads, or application files be viewed by any member of the DesignLinks team without express consent by both the customer and management. In rare instances where access to such data is required, it will be kept in strict confidence. Such information will not be disseminated to other employees or to individuals outside the organization
Use of Production Data Outside of our Secure Hosted Environment
Production data may not be restored on any local machine except in rare instances where all of the following conditions are met:
  1. There is a legitimate business need to do so. Examples would include validation of migration scripts prior to a live prop or troubleshooting application problems that may otherwise adversely impact the integrity of the data on our production servers.
  2. Express consent is granted on behalf of management prior to the exercise.
  3. No external access to the data is available on the machine it is restored upon (i.e. not accessible by a public IP address).
  4. All passwords within the application are changed as part of any restoration.
  5. Local DB and backup files are permanently deleted once the exercise is complete.
Remote Access to Production Data
No local machines will have network drives mapped to production resources due to the risk of human error or the potential to infect a shared drive with a virus. Whenever remote access to production systems is required, the use a secure connection is required.
Audit Policy
Audit policies on all production systems will be turned on to monitor account activity in the following areas:
  • Login/Logoff
  • File/Object access
  • User and Group Management
  • Security Policy Changes
  • Restart and Shutdown System

Each of these points will be audited for both successful and failed attempts. Beyond the audit process, the servers will be continually monitored to watch for activity in these areas. Audit activity is written to the event log on each machine and also written to a central designated server. This server is where all monitoring will be performed so that events can be tracked across all systems.

Network Operations is responsible for reporting any suspicious activity found in the Audit activity. Once reported, Network Operations will determine the risk and severity of the event and take necessary actions to resolve known issues.

Data Backup and Disaster Recovery

All customer data is stored at the primary data center on secure database server clusters with RAID configuration and data is continuously replicated to other database servers on the same site which insulates us from any hardware failure. For further safety customer data is backed up to a secondary data centre on a nightly basis via a secure SSH tunnel.

In addition to all these safeguards, WorkSmart.net also provides customers the option for offsite backup at their premises or at another data center of their choice.

In an event of a catastrophic hardware failure, natural disaster or other event that renders the primary hosting facility inoperable, WorkSmart.net has set up procedures to bring the system back online at the secondary data center within 48 hours or less with minimal data loss.

About WorkSmart.Net


Copyright © 2008 DesignLinks International. All Rights Reserved.

WorkSmart.net Policies


Request More Info