Ever vigilant about client security

In a post-Target credit card-breach world, we get plenty of questions from clients about the security of their data, proprietary information and more when working with Coherent as a software development partner. Of course we have a detailed guide and set of procedures for creating and preserving security, but clients (rightly so) need periodic assurances that their intellectual property is being handled with the greatest care and security.

Areas requiring security

We maintain our own stringent standards for handling, storing and accessing customer information, which most of our clients rely upon. But some have preferred means for protecting their vital information and we are always willing to work with clients to determine the best plan for protecting their property. Areas for which we have specific security policies and procedures include, but are not limited to:

  • Source code
  • Security credentials
  • Proprietary documents
  • Financial data
  • Healthcare information
  • Personal identification (e.g., address, social security number)

Controls

There is a wide variety of controls for protecting information in storage, in use and in transmission. At Coherent we use multiple checkpoints to guarantee that each client’s data is kept separate from other clients’ data; access is strictly limited to team members; sensitive materials are properly encrypted in transmission; cloud sharing and other services are used with caution and client approval; and finally, security measures are reviewed and validated at least quarterly. Each time we onboard a new customer, we take the opportunity to improve and enhance our security measures based on that customer’s requirements and feedback we receive on our existing policies and procedures.

We use tools in three main categories to maintain security.

Human and facility security – Our security policies are clearly stated in our manual and team members are trained in procedures. We secure access to company facilities and to workstations, networking devices and any other equipment on the company network.

Communications – Because we deal with external web resources and communicate with dozens of customers, we use a variety of tools to securely transfer and store information. All information in transit is encrypted using HTTPS and SFTP/FTPS over the internet, and sensitive information is encrypted on removable media and portable/mobile computing devices.

Equipment – Information can be contained on hard copies and electronic devices, so we have policies for disposing of both. When hard copies are no longer needed by the team, they are properly disposed of in a crosscut shredder. Electronic material is wiped using at least a three-pass erase method.

Of course this is just a portion of what is included in the scope of our security policies and procedures. Anyone interested in learning more about Coherent Solutions’ security policies can contact me at: maxb@coherentsolutions.com.