
Compliance

3dEYE takes cybersecurity, adherence to best practices and compliance standards seriously. Please find the list of the most common questions we are asked, with answers, below.

Do you have any compliance certifications?
Do you conduct penetration tests of your service regularly?
Do you conduct audits regularly?
Are policies and procedures anonymized?
Do you have the capabilities to enforce customer data retention policies?
Do you have procedures in place to ensure production data shall not be replicated or used in non-production environments?
Do you have controls in place to prevent data leakage or intentional/accidental compromise between customers in a multi-tenant environment?
Do you have a Data Loss Prevention (DLP) or extrusion prevention solution in place for all systems which interface with your cloud service offering?
Will customers' data be moved from one physical location to another?
Do your information security and privacy policies align with particular industry standards?
Do you utilize 3rd party providers for your service?
Do you have controls in place ensuring timely removal of systems access which is no longer required for business purposes?
Do you maintain documentation for the granting and approval of access to data?
Is timely deprovisioning, revocation or modification of user access to the organization's systems, information assets, and data implemented upon any change in the status of employees, contractors, customers, business partners, or third parties?
Do you encrypt customer data at rest (on disk/storage) within your environment? What is the encryption strength?
Do you encrypt the data in transit? If so, what is the encryption strength?
Do you conduct network, OS, and/or application vulnerability scans at some regular interval?
Do you have the capability to rapidly patch vulnerabilities across all of your computing devices, applications, and systems?
Do you have anti-malware programs installed on all systems which support your cloud service offerings?
Is the customer informed of an incident in the event of the unauthorized release of confidential or sensitive data?
Do you have a security information and event management (SIEM) system?
Does your logging and monitoring framework allow isolation of an incident to specific customers?
Are controls in place to prevent unauthorized access to application, program or object source code, and assure it is restricted to authorized personnel only?
Do you have outsourced providers that manage your service?
Do you have the ability to logically segment or encrypt customer data such that data may be produced for a single tenant only, without inadvertently accessing another tenant's data?
Do you have policies and procedures in place describing what controls you have in place to protect customers' intellectual property?
Do you allow customers to specify which of your geographic locations their data is allowed to traverse into/out of?
Does your incident response plan comply with industry standards for legally admissible chain-of-custody management processes & controls?
Do you enforce and attest to customer data separation when producing data in response to legal subpoenas?
Are you capable of supporting litigation holds (freeze of data from a specific point in time) for a specific customer without freezing other customer data?
Do you utilize or access customer data and/or metadata? If so, how?
Do you collect or create metadata about customer data through the use of inspection technologies (search engines, etc.)?
Do you support identity federation standards (SAML, SPML, WS-Federation, etc.) as a means of authenticating/authorizing users?
Do you provide customers with strong (multifactor) authentication options (digital certs, tokens, biometric, etc.) for user access?
Do you enforce strong (multifactor) authentication options (digital certs, tokens, biometric, etc.) for your administrators to manage the solution?
Do you utilize industry standards (Build Security In Maturity Model [BSIMM] benchmarks, Open Group ACS Trusted Technology Provider Framework, NIST, etc.) to build security into your Systems/Software Development Lifecycle (SDLC)?
Are passwords stored in an encrypted format? Which encryption algorithm is used?
Do you verify that all of your software suppliers adhere to industry standards for Systems/Software Development Lifecycle (SDLC) security?
Does the solution provide for built-in userID/Password management?
Do you have a risk assessment program that has been approved by management, communicated, and assigned ownership?
Do you have a security program with established information security policies that have been approved by management, communicated, and assigned ownership?
Have the 3dEYE program and policies been reviewed within the last year?
Do you have a third-party management program that has been approved by management, communicated, and assigned ownership?
Do you execute background checks on employees?
What is the frequency of the background checks performed on the employees?
Do you have a change control or change management program and policy that has been approved by management, communicated, and assigned ownership?
Is there an antivirus/malware policy and program that has been approved by management, communicated, and assigned ownership?
Are system backups of Data performed? How often?
Are there firewalls / ACLs at the edge?
Are vulnerability assessments, scans and/or penetration tests performed on internal or external networks? How often? Is documentation available?
Are vulnerability tests (internal/external) performed on all applications at least annually?
Is there a formal Software Development Life Cycle (SDLC) process that includes security and privacy by design?
Are encryption tools managed and maintained?
Do you have an Incident Management program?
Is there a documented policy for business continuity and disaster recovery that has been approved by management, communicated, and an owner to maintain and review the policy?
How often are BC/DR tests performed?
Is a Business Impact Analysis conducted at least annually?
Is there an internal audit, risk management, or compliance department with responsibility for identifying and tracking the resolution of outstanding regulatory issues?
Are there regular privacy risk assessments conducted?
Is there a formal process for reporting and responding to privacy complaints or privacy incidents?
Is there a documented response program to address privacy incidents, unauthorized disclosure, unauthorized access, or breach?
Is there a documented privacy program with administrative, technical, and physical safeguards for the protection of Systems and Data?
