Nextlimit Services provides 100% HIPAA-HITECH compliant operations. Here are the various measures adopted to ensure the highest level of compliance with the stringent demands of these critical data privacy and security standards.
Controlled access restricted by bio-metric and proximity card systems
All employees are issued photo ID cards, which they are required to wear at all times while within the facility premises
Regular review and periodic audits of access logs to check for unauthorized entry attempts
Access is granted on a least-privilege basis and configured per employee
Security personnel on 24-hour duty, posted at all entry and exit points of the facility
Logging of visitor details such as name, entry/exit time, contact person’s name, proof of ID, signature and reason for visit in a register kept for the purpose
CCTV monitoring, with recording, of all entry/exit points and inside the production floor
Random daily monitoring of stored recordings by security team
Recordings are retained on the central DVR's internal hard disk for 6 months and subsequently backed up to an external storage device
Vendors are required to sign a confidentiality agreement before accessing sensitive areas such as data/network centre and power supply control room
Vendors are always escorted by security personnel and supervised at all times by either an employee or security personnel
Only authorized managers are allowed to use basic non-smart mobile phones within the premises
All other employees are required to deposit their phones in the locker box before entering the facility
No backpacks or bags of any sort are allowed inside the facility
All bags are required to be kept in the locker boxes placed outside the production floor
A leading Directory Service is used to create unique user IDs for individual users
Access to storage devices is controlled using Domain Group Policy configured in a Windows-based system
Password policy enforces strict requirements for change frequency, complexity, account lockout, length and history
User access to shared drives is controlled using group policies
Access to USB or other mass storage devices is blocked on workstations
Access to printers is allowed to authorized employees only
No wireless access points are installed within the facility premises
High-end ‘Unified Threat Management’ system (UTM) deployed to filter network traffic
Internet traffic regulated using content filter, URL filter and application filter systems
Port-mapping for traffic between Virtual LANs and from external networks
The firewall is set by default to deny all traffic passing between the networks unless explicitly permitted by specific port- and service-based rules
Network Address Translation (NAT) services are enabled to hide internal servers
Firewall logs are maintained for all traffic for 3 months and subsequently archived for 1 year
Intrusion Prevention System (IPS) services are provided by the UTM system's high-end firewall
IPS signatures are updated in real time and licenses are renewed annually
Site-to-site IPsec VPN tunnels are used to establish secure connections to client networks.
Access to the internal network is restricted to authorized employees only, via client-to-site VPN connections.
Authorized employees are authenticated using the directory system’s authentication service.
VPN connections (site-to-site) are locked down by gateway IP addresses configured at both the facility's and the client's firewalls.
A fully redundant network stack is maintained
Two ISP links are configured in an active-active mode
Power backup is supplied by a 130 kVA UPS and a 750 kVA diesel-powered generator system
All server and network systems are backed up by a 22 kVA rack-mounted UPS system
A centralized anti-malware system is deployed to provide protection against viruses and other malware.
Automatic updating of virus definitions and security patches
Extra protection from external malware attacks is provided by the gateway firewall
A centralized operating system patch management system, deployed using an integrated server update system, ensures critical updates and security patches are applied to all systems
Fire extinguishers are placed at all key areas within the premises
Half-yearly fire drills are conducted to test the effectiveness of fire safety protocols