SiliconExpert Information Security Strategy Goal is making our … · 2019-04-22 · SiliconExpert...
SiliconExpert Technologies | 1455 NW Irving Street, Suite 200 Portland, OR 97209 | www.siliconexpert.com Version 10
SiliconExpert Information Security Strategy
Our goal is to make our business succeed by protecting the confidentiality, integrity and availability of our set of online tools and our customers’ information.
SiliconExpert is committed to protecting our set of online tools and our customers’ information from unauthorized access, collection, retention, use, disclosure, modification or destruction.
The purpose of this document is to provide an overview of how we protect our systems and our customers’ information.
Privacy and Information Security Program
SiliconExpert’s privacy and information security program complies with privacy laws and regulatory requirements and is based on the ISO 27001/2 international information security standards. It includes:
- Policies, standards, and guidelines.
- Most up-to-date technical security controls and technologies.
- Information security incident management.
- Business continuity and redundancy.
- Disaster recovery program.
- Risk analysis and assessment.
- Vulnerability management.
- Monitoring, logging, auditing, and improvement.
Privacy Policy
We understand that our customers are concerned about privacy and the appropriate use of data, so SiliconExpert has a robust privacy policy in place.
Our Privacy Policy describes how SiliconExpert handles information about you, and applies to your use of any website that posts a link to this Privacy Policy.
This Privacy Policy is posted on http://www.siliconexpert.com/privacy-policy
It includes, but is not limited to:
- COLLECTION OF INFORMATION
- USE OF INFORMATION
- SHARING OF INFORMATION
- ACCESSING AND CHANGING INFORMATION
Security Controls and Technologies
New technologies greatly enhance our business and our ability to communicate and share information, but they also increase security risks, as threats are evolving rapidly, creating more sophisticated attack methods and exploiting new vulnerabilities.
SiliconExpert invests in new and innovative security controls and technologies to maintain confidentiality and integrity without affecting business continuity. We combine multiple advanced security controls which operate in different layers, including, but not limited to:
- Anti-malware solutions
- Firewalls
- Encryption solutions
- Removable media control
- Multi-factor authentication
- Automated patching solution
- DDoS mitigation systems
- Intrusion detection and prevention
- Web Application Firewalls
- Remote access security systems
- Physical security
- Logging, monitoring and detection systems
Information Security Policy
Our information security policies are reviewed on a regular basis to help ensure their continued effectiveness and accuracy.
SiliconExpert employees are required to conduct themselves in a manner consistent with the company’s guidelines.
Our information security policies include, but are not limited to:
- Human resources security
- Access control
- Communication security
- Operation security
- Physical and environmental security
- Security incident management
Security Awareness Training
The behavior of employees who do not comply with information security policies and procedures is a major threat, which could lead to costly damages.
SiliconExpert ensures, as an ongoing process, that employees have a solid understanding of information security issues and of how their proper conduct can be a major line of defense against different types of attacks.
User Access and Data Protection
SiliconExpert takes every measure possible to ensure your personal and confidential data is safely guarded.
Your component and Bill-of-Material (BOM) data is only accessible by your designated employees through their assigned user IDs and passwords. Only designated administrators have high-level access to reset passwords and troubleshoot account issues.
Customer information and passwords are securely stored using industry-accepted best practices.
SiliconExpert does not know, and cannot infer, the design of a product or what a product’s use case is from a simple listing of components. However, for our extremely vigilant and concerned customers, we recommend not uploading sensitive data such as product names, complete BOMs, or unmodified internal part numbers into the system. This precaution, although mostly unnecessary for the vast majority of our customers, should be considered as an extra responsibility for the most data-sensitive companies who rely on SiliconExpert’s solutions.
Access to SiliconExpert is on a per-seat license basis. Users should never share user IDs or passwords. This is not only important for security, but it also enables your administrators to more accurately see activity by user. In our activity reports, you can view username access, number of component searches and upload dates, timestamps and concurrent usage of users.
SiliconExpert can customize security for your company with a user authentication scheme based on SSO (Single Sign-On) and SAML (Security Assertion Markup Language). The time period for automatic log out is also configurable by customer. We also recommend providing your company IP addresses, which we can add to your access settings.
If required, SiliconExpert can also assign administrators from your company to control access to your data and enforcement of your company rules.
Customers with multiple business groups can have separated access for each group so that they can view only their own BOMs and components but not those of other divisions.
ITAR-controlled customer data must never be loaded into SiliconExpert in its entirety without modifications (e.g. adding or omitting part numbers or modifying internal part numbers, omitting any reference to ITAR in BOM or Project naming convention, etc.). This is necessary and recommended as SiliconExpert employs US citizens and non-US citizens worldwide.
Components loaded into customer projects and BOMs, which are deleted by a customer, are then deleted from both active servers and replication servers. If a customer disengages from SiliconExpert, their data is purged from our servers and the account information is deleted.
Disaster Recovery and Business Continuity
As SiliconExpert is committed to protecting our services and our customers’ data, we support these efforts through clear identification of our potential business risks and through disaster recovery strategies and plans.
The resources needed for incident prevention, detection, response, and recovery are applied, tested, and updated on an ongoing basis. The whole production environment, including customers’ data, is maintained with the assistance of a leading managed hosting provider.
Compliance and Validation
To make sure that all our applications, networks, and security controls are working effectively and properly, and to maintain and improve our security level, we regularly perform the following:
- Application and network security vulnerability assessments.
- Security controls effectiveness assessments.
- Information Security Policy and international standards compliance audits.