A. Access. Enable ISMS includes policies, procedures and logical controls designed to limit access to Enable facilities to properly authorized individuals, including through:
(i) 24/7 CCTV monitoring of access to secure server room area of the data centre; keys are securely maintained in IT Office with controlled access by designated personnel only.
(ii) camera surveillance systems at all entrance points; and
(iii) single data centre ingress and egress point from data storage and processing facilities.
B. Environmental Security. Enable ISMS maintains environmental controls to detect and help prevent compromise or destruction of data centres, including
(i) fire, heat, and smoke detection; and
(ii) Uninterruptible Power Supply (UPS) modules;
A. Access. Enable ISMS incorporates policies, procedures and logical controls designed to:
(i) limit access to Customer Data to authorized persons,
(ii) help protect against Customer data being moved, modified or compromised, and
(iii) handle Customer data with the highest level of security and confidentiality.
B. Encryption. Enable ISMS includes policies, procedures and logical controls designed to enforce encryption on all externally accessible systems and communications:
(i) administers encryption protocols designed to isolate network communication between an application host and a database host;
(ii) provide access to the internet-facing Enable web port (for HTTPS) through network firewalls,
(iii) secure volume-based encryption of data-at-rest using keys stored separately from the data; and
(iv) secure all endpoints using encryption, password protection and remote deactivation capability.
C. Segregation. The Subscription Services operate in a multi-tenant architecture designed to segregate and restrict Customer Data access based on business needs. Enable ISMS contains policies, procedures and logical controls designed to:
(i) logically separate each Customer’s data (i.e. separate database schemas) on the Subscription Service from all other Customers’ data;
(ii) prevent the replication of production data for use in non-production environments without the express permission of the data owner; and
(iii) identify, secure, and manage test environments that contain production data with the same level of security as production environments.
D. Transmission. Enable ISMS maintains policies, procedures and logical controls designed to prohibit unencrypted connections into or out of the Subscription Service. Enable will encrypt Subscription Service data transmissions via an AES (or its direct successor standard) by default and protect Data in Motion using TLS1.2 (HTTPS or SFTP) (or its direct successor standard).
E. Geolocation. Enable utilizes data centres in the UK, US, Europe. Enable complies with applicable laws governing cross-border transfers and put in place cross-border transfer agreements to the extent necessary.
F. Backups. Enable ISMS incorporates policies, procedures and logical controls designed to
(i) back up Customer systems and data daily to geographically separated, encrypted servers; and
(ii) prohibit storage or archival of data on backup tapes or mobile devices.
G. Minimization. Enable ISMS includes policies, procedures and logical controls designed to ensure Customer data is processed only as instructed by the Customer.
H. Destruction. Enable ISMS includes standards for secure destruction of data consistent with current industry standards and guidance. Enable will purge Customer data in compliance with applicable law and the applicable Customer contract.