Security & Trust

ISO 27001

The ISO first released its family of standards in 2005 and has since made periodic updates to the various policies. For ISO 27001, the latest major changes were introduced in 2013. Ownership of ISO 27001 is shared between the ISO and the International Electrotechnical Commission (IEC), a Swiss organization that focuses primarily on electronic systems. The goal of ISO 27001 is to provide a framework of standards for how a modern organization should manage its information and data. Risk management is a key part of ISO 27001, ensuring that a company or non-profit understands where its strengths and weaknesses lie.

ISO maturity is a sign of a secure, reliable organization that can be trusted with data. Companies of all sizes need to recognize the importance of cybersecurity, but simply setting up an IT security group within the organization is not enough to ensure data integrity. An information security management system (ISMS) is a critical tool, especially for groups that are spread across multiple locations or countries, as it covers all end-to-end processes related to security.

HIPAA

SUMMIT complies with the security measures required by § 164.306, § 164.308, § 164.310, § 164.312, § 164.314, and § 164.316 of the HIPAA regulations with respect to all electronic protected health information. Details of the implementation are available in the associated detailed report dated 20th December 2018.

PinkVERIFY™

  • Symphony SummitAI is PinkVERIFY 2011 certified on 12 processes.
  • Symphony SummitAI, a provider of cost-effective and comprehensive cloud-based IT management solutions, has achieved the PinkVERIFY ITIL 2011 certification for 12 processes from Pink Elephant for its unified IT Management platform, “SummitAI”.
  • Certificate can be found HERE
VAPT

VAPT (Vulnerability Assessment and Penetration Testing) Certification is a technical approach to address security loopholes in the IT infrastructure of an organization (application, software system, network, etc.). Vulnerability Assessment is the process of identifying vulnerabilities, with the objective of not missing any loopholes. Based on the findings of the Vulnerability Assessment and their severity, a Penetration Test is conducted. A Penetration Test is a proof-of-concept approach to truly explore and exploit vulnerabilities. This method confirms whether or not the vulnerability actually exists and additionally proves that exploiting it may result in damage to the application or network. The PT process is mostly intrusive and can actually cause damage to the systems; evidence of this is captured as screenshots or logs, which aids remediation.

The process methodology is as follows:
  • Scanning the network or application
  • Searching for security flaws
  • Exploiting the security flaws
  • Report generation on risk, severity & probability
  • Reassessing the system
  • Final report (Performed for SummitAI via KPMG)
GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It is intended to give users more control over their personal data.

The SummitAI application complies with GDPR rules. Under GDPR regulations, users need to provide their consent to allow other users to view their personal data. After the user accepts, the personal data is stored in the SummitAI application in encrypted form. The following fields are considered personal data and are encrypted and stored: Joining Date, E-mail ID, Login ID, Country, Address, Contact Number, Mobile Number, State, City, Pin, and Role. If any of these fields is blank, no data is encrypted or stored for that field.

SDLC

SummitAI uses the software development life cycle (SDLC) model to build products by adhering to standards and secure coding practices. SummitAI product teams are well trained to analyse all requirements in detail and use the principle of “security by design” before developing product features.

Symphony SummitAI Privacy Statement

Our privacy statement can be found HERE

Azure

Physical security
  • Microsoft designs, builds, and operates datacenters in a way that strictly controls physical access to the areas where your data is stored. Microsoft understands the importance of protecting your data, and is committed to helping secure the datacenters that contain your data. We have an entire division at Microsoft devoted to designing, building, and operating the physical facilities supporting Azure. This team is invested in maintaining state-of-the-art physical security.
  • Microsoft takes a layered approach to physical security, to reduce the risk of unauthorized users gaining physical access to data and the datacenter resources. Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor. Layers of physical security are:
      • Access request and approval. You must request access prior to arriving at the datacenter. You’re required to provide a valid business justification for your visit, such as compliance or auditing purposes. All requests are approved on a need-to-access basis by Microsoft employees. A need-to-access basis helps keep the number of individuals needed to complete a task in the datacenters to the bare minimum. After Microsoft grants permission, an individual only has access to the discrete area of the datacenter required, based on the approved business justification. Permissions are limited to a certain period of time, and then expire.
      • Facility’s perimeter. When you arrive at a datacenter, you’re required to go through a well-defined access point. Typically, tall fences made of steel and concrete encompass every inch of the perimeter. There are cameras around the datacenters, with a security team monitoring their videos at all times.
      • Building entrance. The datacenter entrance is staffed with professional security officers who have undergone rigorous training and background checks. These security officers also routinely patrol the datacenter, and monitor the videos of cameras inside the datacenter at all times.
      • Inside the building. After you enter the building, you must pass two-factor authentication with biometrics to continue moving through the datacenter. If your identity is validated, you can enter only the portion of the datacenter that you have approved access to. You can stay there only for the duration of the time approved.
      • Datacenter floor. You are only allowed onto the floor that you’re approved to enter. You are required to pass a full body metal detection screening. To reduce the risk of unauthorized data entering or leaving the datacenter without our knowledge, only approved devices can make their way into the datacenter floor. Additionally, video cameras monitor the front and back of every server rack. When you exit the datacenter floor, you again must pass through full body metal detection screening. To leave the datacenter, you’re required to pass through an additional security scan.
  • Microsoft requires visitors to surrender badges upon departure from any Microsoft facility.
Physical Security Reviews
  • Periodically, we conduct physical security reviews of the facilities, to ensure the datacenters properly address Azure security requirements.
  • The datacenter hosting provider personnel do not provide Azure service management. Personnel can’t sign in to Azure systems and don’t have physical access to the Azure collocation room and cages.
Datacenter infrastructure
  • Azure is composed of a globally distributed datacenter infrastructure, supporting thousands of online services and spanning more than 100 highly secure facilities worldwide.
  • The infrastructure is designed to bring applications closer to users around the world, preserving data residency, and offering comprehensive compliance and resiliency options for customers. Azure has 58 regions worldwide, and is available in 140 countries/regions.
  • A region is a set of datacenters that is interconnected via a massive and resilient network. The network includes content distribution, load balancing, redundancy, and data-link layer encryption by default for all Azure traffic within a region or travelling between regions. With more global regions than any other cloud provider, Azure gives you the flexibility to deploy applications where you need them.
  • Azure regions are organized into geographies. An Azure geography ensures that data residency, sovereignty, compliance, and resiliency requirements are honored within geographical boundaries.
  • Geographies allow customers with specific data-residency and compliance needs to keep their data and applications close. Geographies are fault-tolerant to withstand complete region failure, through their connection to the dedicated, high capacity networking infrastructure.
  • Availability zones are physically separate locations within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. Availability zones allow you to run mission-critical applications with high availability and low-latency replication.
  • The following figure shows how the Azure global infrastructure pairs region and availability zones within the same data residency boundary for high availability, disaster recovery, and backup.
  • Geographically distributed datacenters enable Microsoft to be close to customers, to reduce network latency and allow for geo-redundant backup and failover.
Data bearing devices
  • Microsoft uses best practice procedures and a wiping solution that is NIST 800-88 compliant. For hard drives that can’t be wiped, we use a destruction process that destroys it and renders the recovery of information impossible. This destruction process can be to disintegrate, shred, pulverize, or incinerate. We determine the means of disposal according to the asset type. We retain records of the destruction.
  • Upon a system’s end-of-life, Microsoft operational personnel follow rigorous data handling and hardware disposal procedures to assure that hardware containing your data is not made available to untrusted parties. We use a secure erase approach for hard drives that support it. For hard drives that can’t be wiped, we use a destruction process that destroys the drive and renders the recovery of information impossible. This destruction process can be to disintegrate, shred, pulverize, or incinerate. We determine the means of disposal according to the asset type. We retain records of the destruction. All Azure services use approved media storage and disposal management services.
Compliance
  • We design and manage the Azure infrastructure to meet a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1, and SOC 2. We also meet country- or region-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS.
  • Rigorous third-party audits, such as those done by the British Standards Institute, verify adherence to the strict security controls these standards mandate.

Terms & Conditions

 

THESE TERMS AND CONDITIONS OF USE (“TERMS OF USE”) GOVERN YOUR USE OF THE SYMPHONYSUMMIT.COM WEBSITE, (OUR “WEBSITE”), WHICH IS OWNED AND CONTROLLED BY THE SUMMIT SOFTWARE INC (“Symphony SummitAI”).

BY ACCESSING AND USING OUR WEBSITE, YOU AGREE TO COMPLY WITH AND BE BOUND BY THE FOLLOWING TERMS OF USE. PLEASE NOTE THAT YOU ARE NOT ALLOWED TO ACCESS OR USE THE WEBSITE IF YOU DO NOT AGREE TO THE FOLLOWING TERMS OF USE. IF YOU DO NOT AGREE TO THESE TERMS OF USE, PLEASE DO NOT USE THIS WEBSITE. Symphony SummitAI RESERVES THE RIGHT TO MAKE CHANGES TO THESE TERMS OF USE AT ANY TIME. THE CHANGES WILL TAKE EFFECT UPON THEIR POSTING ON THE WEBSITE (UNLESS OTHERWISE NOTED IN SUCH CHANGES).

To understand our privacy practices, please review our Privacy Policy.

We advise you to print out these Terms of Use for your own records.

 

Your use of the Website

The content and materials published on this Website are provided by Symphony SummitAI as a service to its customers and may be used for information purposes only. Symphony SummitAI reserves the right to alter the Website or withdraw access to it at its sole discretion. Therefore, we recommend you consult these Terms of Use each time you use the Website.

The information and material contained on the Website is provided for general information only and is provided “as is”. Where this Website links to a third-party page or a social media site, such linking is solely for the convenience of users, and Symphony SummitAI assumes no responsibility for the content of third-party pages, social media, or any changes or updates to such sites and social media. When you access a non-Symphony SummitAI website, please understand that it is independent from Symphony SummitAI, and that Symphony SummitAI has no control over the content on that website. In addition, a link to a non-Symphony SummitAI website does not mean that Symphony SummitAI endorses or accepts any responsibility for the content, or the use, of the linked website. It is up to you to take precautions to ensure that whatever you select for your use or download is free of such items as viruses, worms, Trojan horses, and other items of a destructive nature. If you decide to access any of the third-party websites linked to this Site, you do this entirely at your own risk. These websites or social media websites have their own terms of use and Symphony SummitAI does not accept any responsibility or liability for these policies. Such links should not be interpreted as endorsement or approval by us of those linked websites or social media and we will not be liable for any loss or damage that may arise from your use of them.

Symphony SummitAI does not guarantee that the Website will be secure or free from bugs or viruses. You are responsible for configuring your information technology platform in order to access the Website and you should use your own virus protection software. You must not misuse the Website by knowingly introducing viruses or other material which is malicious or technologically harmful. You must not attempt to gain unauthorized access to the Website or any connected server, computer, or database. You must not attack the Website via a denial-of-service attack. We will report any such breach to the relevant law enforcement authorities, and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use the Website will cease immediately.

You may not use any scraper, crawler, spider, robot, or other automated means of any kind to access or copy data on the Website, deep link to any feature or content on the Website, bypass our robot exclusion headers or other measures we may use to prevent or restrict access to the Website. You agree not to use any device, software, or routine to interfere or attempt to interfere with the proper working of this Website or any activity being conducted on this Website.

 

No Users Under 18 Years Old

In order to access the Website, you represent and warrant that you are older than 18 years old. If you are under the age of 18, please do not attempt to register with us at this Website or provide any personal information about yourself to us. If we learn that we have collected personal information from someone under the age of 18, we will promptly delete that information. If you believe we have collected personal information from someone under the age of 18, please contact privacy@symphonysummit.com.

 

Disclaimer of Warranties

Symphony SummitAI DOES NOT WARRANT THAT ACCESS TO OR USE OF THE WEBSITE WILL BE UNINTERRUPTED OR ERROR-FREE OR THAT DEFECTS IN THE WEBSITE WILL BE CORRECTED. THIS WEBSITE, INCLUDING ANY CONTENT OR INFORMATION CONTAINED WITHIN IT OR ANY WEBSITE-RELATED SERVICE, IS PROVIDED “AS IS,” WITH ALL FAULTS, WITH NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, QUALITY OF INFORMATION, QUIET ENJOYMENT, AND TITLE/NON-INFRINGEMENT. Symphony SummitAI DOES NOT WARRANT THE ACCURACY, COMPLETENESS OR TIMELINESS OF THE INFORMATION OBTAINED THROUGH THE WEBSITE.

YOU ASSUME TOTAL RESPONSIBILITY AND RISK FOR YOUR USE OF THIS WEBSITE, WEBSITE-RELATED SERVICES, AND LINKED WEBSITES. Symphony SummitAI DOES NOT WARRANT THAT FILES AVAILABLE FOR DOWNLOAD WILL BE FREE OF VIRUSES, WORMS, TROJAN HORSES OR OTHER DESTRUCTIVE PROGRAMMING. YOU ARE RESPONSIBLE FOR IMPLEMENTING PROCEDURES SUFFICIENT TO SATISFY YOUR NEEDS FOR DATA BACK UP AND SECURITY.

WARRANTIES RELATING TO PRODUCTS OR SERVICES OFFERED, SOLD AND DISTRIBUTED BY Symphony SummitAI ARE SUBJECT TO SEPARATE WARRANTY TERMS AND CONDITIONS, IF ANY, PROVIDED WITH OR IN CONNECTION WITH THE APPLICABLE PRODUCTS OR SERVICES.

 

Limitation of Liability

Symphony SummitAI AND ANY THIRD PARTIES MENTIONED ON THIS WEBSITE ARE NEITHER RESPONSIBLE NOR LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, PUNITIVE, OR OTHER DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOST PROFITS, LOST DATA, OR BUSINESS INTERRUPTION) ARISING OUT OF OR RELATING IN ANY WAY TO THE WEBSITE, WEBSITE-RELATED SERVICES, CONTENT OR INFORMATION CONTAINED WITHIN THE WEBSITE, AND/OR ANY LINKED WEBSITE, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL THEORY AND WHETHER OR NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR SOLE REMEDY FOR DISSATISFACTION WITH THE WEBSITE, WEBSITE-RELATED SERVICES, AND/OR LINKED WEBSITES IS TO STOP USING THE WEBSITE AND/OR THOSE SERVICES. TO THE EXTENT ANY ASPECTS OF THE FOREGOING LIMITATIONS OF LIABILITY ARE NOT ENFORCEABLE, THE MAXIMUM AGGREGATE LIABILITY OF Symphony SummitAI TO YOU WITH RESPECT TO YOUR USE OF THIS WEBSITE IS $500 (FIVE HUNDRED DOLLARS).

 

Indemnification

You agree to defend, indemnify, and hold harmless Symphony SummitAI and any affiliates from and against any and all rights, demands, losses, liabilities, damages, claims, causes of action, actions, and suits (no matter whether at law or equity), fees, costs, and attorney’s fees of any kind whatsoever arising directly or indirectly out of or in connection with: (i) your use or misuse of the Website or any information posted on the Website; (ii) your breach of the Terms of Use or Privacy Policy; (iii) the content or subject matter of any information you provide to Symphony SummitAI or customer service or sales agent; or (iv) any negligent or wrongful act or omission by you in your use or misuse of the Website or any information on the Website, including without limitation, infringement of third party intellectual property rights, privacy rights, or negligent or wrongful conduct.

 

Intellectual property

Symphony SummitAI is the owner or licensee of all Intellectual Property rights in this Website and the material published on it and holds the copyright to the whole content of the Website. Any rights not expressly granted herein are reserved. Reproduction, transfer, distribution or storage of any part of the Website or its content in any form without the prior written permission of Symphony SummitAI is prohibited except as follows: You may download or print off copies of materials, information, data and other content included on the Website for your non-commercial personal use only. You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way. Symphony SummitAI’s status (and that of any identified contributors) as authors of the content must always be acknowledged.

If you link to the Website (or if you share a Symphony SummitAI post on any other social media platform such as Facebook, LinkedIn or Twitter), you agree to do so in a way that is fair and legal and does not damage the reputation of Symphony SummitAI or its affiliates or take advantage of it. You also agree to do so in a manner which does not suggest any form of association, approval or endorsement on our part where none exists. The website or social media page in which you are providing the link must comply in all respects with our Content Standards set out below.

The Website contains corporate logos, product names, brands and other identification symbols that are either directly or indirectly proprietary trademarks or registered trademarks of Symphony SummitAI and may also contain trademarks or registered trademarks proprietary to third parties. Any and all unauthorized use of such trademarks is strictly prohibited. Use of the Symphony SummitAI logo may be allowed with Symphony SummitAI’s prior written consent, which consent will be granted at Symphony SummitAI’s sole and unfettered discretion.

 

Data protection

We collect and process your personal data in order to offer you our services. The processing of your personal data is done in accordance with the terms of the applicable Privacy Policy.

 

Governing law and jurisdiction

These Terms of Use are governed by U.S. law. In the event of any matter or dispute arising out of or in connection with these Terms, you and we shall submit to the exclusive jurisdiction of the U.S. courts. In the event of any dispute or claim relating to the Website or these Terms of Use, you agree to resolution of such dispute in the state or federal courts located in and for Santa Clara County, California, in accordance with California law.

 

Revisions; General

Symphony SummitAI reserves the right, in its sole discretion, to terminate your access to all or part of this Website, with or without cause, and with or without notice. In the event that any of the Terms of Use are held by a court or other tribunal of competent jurisdiction to be unenforceable, such provisions shall be limited or eliminated to the minimum extent necessary so that these Terms of Use shall otherwise remain in full force and effect. These Terms of Use constitute the entire agreement between Symphony SummitAI and you pertaining to the subject matter hereof. In its sole discretion, Symphony SummitAI may from time-to-time revise these Terms of Use by updating this posting. You should, therefore, periodically visit this page to review the current Terms of Use, so you are aware of any such revisions to which you are bound. Your continued use of the Website after revisions to these Terms of Use shall constitute your agreement to the revised Terms of Use. Certain provisions of these Terms of Use may be superseded by expressly designated legal notices or terms located on particular pages within this Website.

 

Contact

If you have any questions about the Terms of Use, please contact privacy@symphonysummit.com.