[转] LOGIGEAR SECURITY POLICIES

LOGIGEAR SECURITY POLICIES

At LogiGear® we are committed to the security of our clients' IP, equipment and livelihoods. Therefore we have instituted comprehensive security policies in our testing labs, including the following essential procedures:

Data access security
Network security
Physical security
Non-disclosure agreements
Staff allocation, training and culture
Confidential document control

Data access security

• Data security firewalls are installed to prevent unauthorized access to the network
• Password policy in place for accessing PCs and workstations for authorized access
• Access to important files and directories is given only to specific personnel 
• All mail and web servers are located at an independent internet data center
• Backup policy in place. Monthly backups are stored at an off-site location and removable backups are kept safe with logs duly maintained
• Frequent & surprise security audits are in force to assess any breach with multi level security management in control
• Email encryption for important emails
• Password protection for important documents

Network security

• Each client's process is run on a separate VLAN / VPN when run off-shore/off-site
• Software defined secure tunnels through the internet
• Only client authorized personnel is allowed to access the VLAN / VPN. This setup prevents others from accessing the project information
• Anti-virus protection for desktops & servers
• Spam and Attachment filter
• Live monitor of network activity WAN and LAN

Physical security

• Photo ID cards and access cards with easy-to-identify bands are issued to all employees of our offshore labs
• Visitors are provided with separate cards and are not allowed beyond specific access points within our offshore labs
• Restricted access for each employee in all locations
• Security guards on duty 24/7.

Non-Disclosure Agreements (NDA)

• All employees sign individual NDAs, in addition to proprietary information and inventions agreements.
• Employees may not disclose any proprietary information directly or indirectly to anyone outside the company, or use, copy, publish, summarize or remove such information from company premises.
• Employees may not use any unfair competitive practices upon termination of employment or engage in any outside business during employment.
• Any confidential information received from third parties and clients are held in the strictest confidence, and used only as necessary to meet our obligations to the providing party contracting our services.
• Any inventions and relevant records relating to or derived from work for the company, its vendors or clients must be disclosed to the company, and all information and records pertaining to any ideas, processes, trademarks, service marks, inventions, technology, computer programs, original works of authorship, designs, formulas, discoveries, patents, or copyrights so conceived or developed must be promptly disclosed to the company.

Staff Allocation, Training and Culture

• Dedicated resources are made available for all projects. This prevents unauthorized usage of client resources and protects all client proprietary information.
• We instill in all employees, as part of our comprehensive training programs and our company culture, a strong ethical framework that forbids exchange of IP between projects.

Confidential Document Control

• Access to public mail systems is not allowed, and access to removable media is restricted and controlled by the project manager responsible for client projects.
• IT controls include monitoring of email messages that exceed a certain size, with or without attachments.