Security and trust
The ISO first released its family of standards in 2005 and has since made periodic updates to the various policies. For ISO 27001, the latest major changes were introduced in 2013. Ownership of ISO 27001 is shared between the ISO and the International Electrotechnical Commission (IEC), a Swiss organization that focuses primarily on electronic systems. The goal of ISO 27001 is to provide a framework of standards for how a modern organization should manage its information and data. Risk management is a key part of ISO 27001, ensuring that a company or non-profit understands where its strengths and weaknesses lie.
ISO maturity is a sign of a secure, reliable organization that can be trusted with data. Companies of all sizes need to recognize the importance of cybersecurity, but simply setting up an IT security group within the organization is not enough to ensure data integrity. An information security management system (ISMS) is a critical tool, especially for groups that are spread across multiple locations or countries, as it covers all end-to-end processes related to security.
SymphonyAI Summit complies with all the security measures required by § 164.306, § 164.308, § 164.310, § 164.312, § 164.314, and § 164.316 of the HIPAA regulations with respect to all electronic protected health information. Details of the implementation can be found in the associated detailed report dated 20th December 2018.
- SymphonyAI Summit is PinkVERIFY 2011 certified on 12 processes.
- SymphonyAI Summit, a provider of cost-effective and comprehensive cloud-based IT management solutions, has achieved the PinkVERIFY ITIL 2011 certification for 12 processes from Pink Elephant for its unified IT management platform, “SymphonyAI Summit”.
- Certificate can be found HERE
VAPT (Vulnerability Assessment and Penetration Testing) certification is a technical approach to addressing security loopholes in an organization's IT infrastructure (application, software system, network, etc.). Vulnerability Assessment is the process of identifying vulnerabilities with the objective of not missing any loopholes. Based on the severity of the Vulnerability Assessment findings, a Penetration Test is then conducted. A Penetration Test is a proof-of-concept approach to exploring and exploiting vulnerabilities. It confirms whether or not a vulnerability actually exists and demonstrates that exploiting it may result in damage to the application or network. The PT process is mostly intrusive and can actually cause damage to the systems; evidence is captured as screenshots or logs, which helps aid remediation.
The process methodology is:
- Scanning the network or application
- Searching for security flaws
- Exploiting the security flaws
- Report generation on risk, severity & probability
- Reassessing the system
- Final report (Performed for SymphonyAI Summit via KPMG)
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA) to give users more control over their personal data.
The SymphonyAI Summit application complies with GDPR rules. Under GDPR regulations, users need to provide their consent to allow other users to view their personal data. After the user accepts, the personal data is stored in the SymphonyAI Summit application in encrypted form. The following fields are considered personal data and are encrypted and stored: Joining Date, E-mail ID, Login ID, Country, Address, Contact Number, Mobile Number, State, City, Pin, and Role. If any of these fields are blank, data for the blank fields will not be encrypted and stored.
SymphonyAI Summit uses the software development life cycle (SDLC) model to build products by adhering to standards and secure coding practices. SymphonyAI Summit product teams are well trained to analyse all requirements in detail and use the principle of “security by design” before developing product features.
- Microsoft designs, builds, and operates datacenters in a way that strictly controls physical access to the areas where your data is stored. Microsoft understands the importance of protecting your data, and is committed to helping secure the datacenters that contain your data. We have an entire division at Microsoft devoted to designing, building, and operating the physical facilities supporting Azure. This team is invested in maintaining state-of-the-art physical security.
- Microsoft takes a layered approach to physical security, to reduce the risk of unauthorized users gaining physical access to data and the datacenter resources. Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor. Layers of physical security are:
  - Access request and approval. You must request access prior to arriving at the datacenter. You’re required to provide a valid business justification for your visit, such as compliance or auditing purposes. All requests are approved on a need-to-access basis by Microsoft employees. A need-to-access basis helps keep the number of individuals needed to complete a task in the datacenters to the bare minimum. After Microsoft grants permission, an individual only has access to the discrete area of the datacenter required, based on the approved business justification. Permissions are limited to a certain period of time, and then expire.
  - Facility’s perimeter. When you arrive at a datacenter, you’re required to go through a well-defined access point. Typically, tall fences made of steel and concrete encompass every inch of the perimeter. There are cameras around the datacenters, with a security team monitoring their videos at all times.
  - Building entrance. The datacenter entrance is staffed with professional security officers who have undergone rigorous training and background checks. These security officers also routinely patrol the datacenter, and monitor the videos of cameras inside the datacenter at all times.
  - Inside the building. After you enter the building, you must pass two-factor authentication with biometrics to continue moving through the datacenter. If your identity is validated, you can enter only the portion of the datacenter that you have approved access to. You can stay there only for the duration of the time approved.
  - Datacenter floor. You are only allowed onto the floor that you’re approved to enter. You are required to pass a full body metal detection screening. To reduce the risk of unauthorized data entering or leaving the datacenter without our knowledge, only approved devices can make their way into the datacenter floor. Additionally, video cameras monitor the front and back of every server rack. When you exit the datacenter floor, you again must pass through full body metal detection screening. To leave the datacenter, you’re required to pass through an additional security scan.
- Microsoft requires visitors to surrender badges upon departure from any Microsoft facility.
Physical Security Reviews
- Periodically, we conduct physical security reviews of the facilities, to ensure the datacenters properly address Azure security requirements.
- The datacenter hosting provider personnel do not provide Azure service management. Personnel can’t sign in to Azure systems and don’t have physical access to the Azure collocation room and cages.
- Azure is composed of a globally distributed datacenter infrastructure, supporting thousands of online services and spanning more than 100 highly secure facilities worldwide.
- The infrastructure is designed to bring applications closer to users around the world, preserving data residency, and offering comprehensive compliance and resiliency options for customers. Azure has 58 regions worldwide, and is available in 140 countries/regions.
- A region is a set of datacenters that is interconnected via a massive and resilient network. The network includes content distribution, load balancing, redundancy, and data-link layer encryption by default for all Azure traffic within a region or travelling between regions. With more global regions than any other cloud provider, Azure gives you the flexibility to deploy applications where you need them.
- Azure regions are organized into geographies. An Azure geography ensures that data residency, sovereignty, compliance, and resiliency requirements are honored within geographical boundaries.
- Geographies allow customers with specific data-residency and compliance needs to keep their data and applications close. Geographies are fault-tolerant to withstand complete region failure, through their connection to the dedicated, high capacity networking infrastructure.
- Availability zones are physically separate locations within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. Availability zones allow you to run mission-critical applications with high availability and low-latency replication.
- The following figure shows how the Azure global infrastructure pairs region and availability zones within the same data residency boundary for high availability, disaster recovery, and backup.
- Geographically distributed datacenters enable Microsoft to be close to customers, to reduce network latency and allow for geo-redundant backup and failover.
Data bearing devices
- Microsoft uses best practice procedures and a wiping solution that is NIST 800-88 compliant. For hard drives that can’t be wiped, we use a destruction process that destroys it and renders the recovery of information
- Upon a system’s end-of-life, Microsoft operational personnel follow rigorous data handling and hardware disposal procedures to assure that hardware containing your data is not made available to untrusted parties. We use a secure erase approach for hard drives that support it. For hard drives that can’t be wiped, we use a destruction
- We design and manage the Azure infrastructure to meet a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2. We also meet country- or region-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS.
Terms & Conditions
Your use of the website
SymphonyAI Summit does not guarantee that the website will be secure or free from bugs or viruses. You are responsible for configuring your information technology platform in order to access the website and you should use your own virus protection software. You must not misuse the website by knowingly introducing viruses or other material which is malicious or technologically harmful. You must not attempt to gain unauthorized access to the website or any connected server, computer, or database. You must not attack the website via a denial-of-service attack. We will report any such breach to the relevant law enforcement authorities, and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use the Website will cease immediately.
You may not use any scraper, crawler, spider, robot, or other automated means of any kind to access or copy data on the Website, deep link to any feature or content on the Website, bypass our robot exclusion headers or other measures we may use to prevent or restrict access to the Website. You agree not to use any device, software, or routine to interfere or attempt to interfere with the proper working of this website or any activity being conducted on this website.
No users under 18 years old
In order to access the website, you represent and warrant that you are older than 18 years old. If you are under the age of 18, please do not attempt to register with us at this website or provide any personal information about yourself to us. If we learn that we have collected personal information from someone under the age of 18, we will promptly delete that information. If you believe we have collected personal information from someone under the age of 18, please contact [email protected]
Disclaimer of warranties
SymphonyAI Summit DOES NOT WARRANT THAT ACCESS TO OR USE OF THE WEBSITE WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS IN THE WEBSITE WILL BE CORRECTED. THIS WEBSITE, INCLUDING ANY CONTENT OR INFORMATION CONTAINED WITHIN IT OR ANY WEBSITE-RELATED SERVICE, IS PROVIDED “AS IS,” WITH ALL FAULTS, WITH NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY OF INFORMATION, QUIET ENJOYMENT, AND TITLE/NON-INFRINGEMENT. SymphonyAI Summit DOES NOT WARRANT THE ACCURACY, COMPLETENESS OR TIMELINESS OF THE INFORMATION OBTAINED THROUGH THE WEBSITE.
YOU ASSUME TOTAL RESPONSIBILITY AND RISK FOR YOUR USE OF THIS WEBSITE, WEBSITE-RELATED SERVICES, AND LINKED WEBSITES. SymphonyAI Summit DOES NOT WARRANT THAT FILES AVAILABLE FOR DOWNLOAD WILL BE FREE OF VIRUSES, WORMS, TROJAN HORSES OR OTHER DESTRUCTIVE PROGRAMMING. YOU ARE RESPONSIBLE FOR IMPLEMENTING PROCEDURES SUFFICIENT TO SATISFY YOUR NEEDS FOR DATA BACK UP AND SECURITY.
WARRANTIES RELATING TO PRODUCTS OR SERVICES OFFERED, SOLD AND DISTRIBUTED BY SymphonyAI Summit ARE SUBJECT TO SEPARATE WARRANTY TERMS AND CONDITIONS, IF ANY, PROVIDED WITH OR IN CONNECTION WITH THE APPLICABLE PRODUCTS OR SERVICES.
Limitation of liability
SymphonyAI Summit AND ANY THIRD PARTIES MENTIONED ON THIS WEBSITE ARE NEITHER RESPONSIBLE NOR LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, PUNITIVE, OR OTHER DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOST PROFITS, LOST DATA, OR BUSINESS INTERRUPTION) ARISING OUT OF OR RELATING IN ANY WAY TO THE WEBSITE, WEBSITE-RELATED SERVICES, CONTENT OR INFORMATION CONTAINED WITHIN THE WEBSITE, AND/OR ANY LINKED WEBSITE, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL THEORY AND WHETHER OR NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR SOLE REMEDY FOR DISSATISFACTION WITH THE WEBSITE, WEBSITE-RELATED SERVICES, AND/OR LINKED WEBSITES IS TO STOP USING THE WEBSITE AND/OR THOSE SERVICES. TO THE EXTENT ANY ASPECTS OF THE FOREGOING LIMITATIONS OF LIABILITY ARE NOT ENFORCEABLE, THE MAXIMUM AGGREGATE LIABILITY OF SymphonyAI Summit TO YOU WITH RESPECT TO YOUR USE OF THIS WEBSITE IS $500 (FIVE HUNDRED DOLLARS).
SymphonyAI Summit is the owner or licensee of all Intellectual property rights in this website and the material published on it and holds the copyright to the whole content of the website. Any rights not expressly granted herein are reserved. Reproduction, transfer, distribution or storage of any part of the website or its content in any form without the prior written permission of SymphonyAI Summit is prohibited except as follows: You may download or print off copies of materials, information, data and other content included on the website for your non-commercial personal use only. You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way. SymphonyAI Summit’s status (and that of any identified contributors) as authors of the content must always be acknowledged.
If you link to the website (or if you share a SymphonyAI Summit post on any other social media platform such as Facebook, LinkedIn or Twitter), you agree to do so in a way that is fair and legal and does not damage the reputation of SymphonyAI Summit or its affiliates or take advantage of it. You also agree to do so in a manner which does not suggest any form of association, approval or endorsement on our part where none exists. The website or social media page in which you are providing the link must comply in all respects with our Content Standards set out below.
The website contains corporate logos, product names, brands and other identification symbols that are either directly or indirectly proprietary trademarks or registered trademarks of SymphonyAI Summit and may also contain trademarks or registered trademarks proprietary to third parties. Any and all unauthorized use of such trademarks is strictly prohibited. Use of the SymphonyAI Summit logo may be allowed with SymphonyAI Summit’s prior written consent, which consent will be granted at SymphonyAI Summit’s sole and unfettered discretion.
Governing law and jurisdiction