Conexim web hosting
Delivering: Managed Dedicated Hosting Excellence.
ISO 27001 compliance



Conexim is a best practice organisation and below are guidelines from ISO27001 (formerly ISO17799) which are employed by our company:

# 1: Risk Assessment and Treatment

Conexim works with every client to conduct an assessment of information security risks. We focus primarily on the application's exposure to the Internet and advise on services which can enhance the security and mitigate the risk of compromise.

Aspects of physical security and network security are managed by Conexim and our facility providers and are monitored rigorously to ensure adherence.

# 2: Security Policies

Conexim's dealings with customer data are limited. Teams responsible for the administration of servers and associated services are subject to internal policies which govern how such data is handled.

# 3: Human Resources Security

Conexim has a policy of restricting access to systems and information to only those employees who are authorised. Those who do have access to such systems are restricted to only the minimum level of access required. All access to systems is logged and audited on a regular basis to ensure compliance.

Customers are assigned administrative privileges to their servers if required and are encouraged to employ similar practices to ensure the integrity, authenticity and non-repudiation of data on customer servers.

# 4: Physical and Environmental Security

Conexim's environmental security is maintained through a range of measures to restrict access. The specifics vary between facilities, however at a minimum, the following is in place:
  1. 24x7 manned security escorted access with authentication at multiple points.
  2. Access is possible only by registered employees and only to racks to which they are authorised access.
  3. Once access to the building is permitted, each computer room is accessed by multi-factor authentication - swipe card, biometric (palm) and PIN code and rack keys.
  4. Each row of racks is monitored by 24x7 CCTV security cameras.

# 5: Communications and Operations Management

All of Conexim's core systems (networks, DNS, mail and backup servers) are the subject of the tightest security. This is maintained through firewalls, intrusion prevention and detection, configuration management and auditing and remote logging. Security is of the utmost consideration from inception to deployment on any project that Conexim undertakes.

# 6: Information Systems Acquisition, Development and Maintenance

Most critical systems are developed in house - this includes platforms for managing mail, DNS and the like. Each system or component is assessed for security vulnerabilities starting at the design phase. Where appropriate, independent assessments are conducted to ensure security is maintained.

# 7: Information Security Incident Management

Conexim is subscribed to a number of vulnerability notification services to reduce the risk to customer systems before exploits are developed. If the vulnerability affects the customer application, they are promptly notified and all efforts are made to ensure such vulnerabilities are contained. This is usually in the form of patching software or implementing stronger firewall rules.

To further enhance security incident reporting, Conexim offers Intrusion Detection services which allow pro-active notification of the early stages of an attack (reconnaissance and network enumeration).

# 8: Business Continuity Planning

Conexim maintains a master business continuity plan to ensure recovery of critical systems in the event of a catastrophe. It's well worth mentioning however that customers may have their own requirements with regards to business continuity planning. Conexim offers a range of solutions which allow hosting for business critical applications between two facilities with failover.

Conexim operates at multiple locations and data centres, each with their own independent connectivity, power and essential services. Each data centre can operate completely independently of the others.

# 9: Compliance

Conexim has procedures in place for governance of security policies. Conexim further has an acceptable use policy (which may be provided prior to undertaking services by request) which ensures that customers using our services also operate within Australian law and regulations without the risk of causing disruption to other clients. All our contracts are governed by an SLA, ensuring compliance with agreed service and security.






© 1993-2008 Conexim Australia Pty. Limited. ABN 34 083 513 348