Physical
Security |
Description |
|
Physical premises |
Security guards, surveillance cameras, locked cages, man-traps, smoke and temperature monitors,
bonded data processing (DP) operators, and electronic access control are all a part of the Data
Center where NetDocuments servers are located. In the high security area, the physical presence
of at least two operators is required with surveillance cameras monitored by a third security
guard overlooking the keyboard and physical activities. Operators are assigned to each area and
security level, with no crossover from one area to another. |
|
Access |
There are three separate physical security areas with 24x7x365 operation: the bank equipment area
which contains Internet access, LAN equipment, intrusion detection, firewall, and network management
systems; the document area which contains servers, disks, and backup facilities; and the high security
area which contains credentials and digital certificates (public keys) for the documents and the services. |
|
Intrusion detection |
Access is monitored by three levels of intrusion detection, which operates within a dual firewall
configuration—the bank's firewall protects the financial services, while the NetDocuments firewall
segments the NetDocuments Web servers from the NetDocuments data. |
|
Change control process |
An audited change control management process manages all changes to the system. |
|
Availability, Reliability and Scalability |
NetDocuments was designed to achieve a high level of scalability and high availability, able to
support hundreds of thousands of users 24 hours a day, 7 days a week, 365 days a year. While this
is a daunting task by any standard, NetDocuments architecture allows it to administer such service
with spectacular results.
Learn more |
Off-line Backup Tape Center
View diagram of center |
All backup tapes are stored in a nuclear bomb-safe granite mountain with 24-hour armed guard
services. The vault meets or exceeds all American National Standard Institute guidelines for
electronic storage and has never lost data in its 32-year history. The center includes a:
- Fireproof vault constructed of concrete and steel and
excavated into a solid granite mountain with 200 feet overburden. The vault is capable of
withstanding any force known to man.
- Flood proof location.
- Monitor for temperature and humidity, so the levels in
the vault meet archival storage requirements for sensitive records. The air is re-circulated
and filtered every six hours in the vault. On-site water supply and two sources of electrical
power.
- Retrieval and delivery of records immediately.
|
|
Audits |
The federal regulations of the commercial bank's Data Processing Center is also applied to
NetDocuments, and enforced by the same auditing team. |
|
Software Security |
Description |
|
Data Encryption |
All access is authenticated through Novell's NDS® eDirectory™ technology with optional
digital certificate capability. All data transmission is done through a Secure Sockets Layer (SSL).
|
|
Access Control |
After the user is authenticated to the directory via a username and password, NetDocuments strictly
enforces access control to all documents based on permissions. |
|
Access Log |
NetDocuments maintains an access log for every user, document, activity, and authentication. |
|
Directory |
Users cannot browse the directory master list, and can only add someone to his directory with an
exact identification of email address or username. |