In our previous blog article on the Top 10 Library Management System Security Issues, we reviewed the complexity of cybersecurity and outlined the security issues and points that need to be considered in our industry. To understand why those security issues are important at a typical Soutron installation, one needs an understanding of the Soutron SaaS solution and the security programs and standards our solution supports.
The Soutron security policy, supporting security standards, and privacy policy are reviewed and updated annually. All employees are initially informed about our security policies and given relevant training based on their role in the company to ensure their security awareness is up to Soutron standards. Periodic security updates, such as notice of a new phishing attack variant, are sent to all employees as reminders to remain vigilant.
Our password policy includes processes for granting and removing access rights of employees, contractors and third-party users upon hiring, job role change, and termination. Our application provides support for secure authentication using technologies such as:
Soutron data centres are in North America, the United Kingdom, and Europe and are owned and operated by third parties. The physical security of the data centres restricts access to the data centre itself and to your information assets by data centre support personnel. Back-up processes and power generators ensure that the systems have power security to help provide for business continuity and disaster recovery.
Our secure software development standards support how source code is managed. Controls are in place to separate the development, testing, and production environments. Access to source code is restricted, except during peer code review sessions.
To minimise risk, new applications are installed and tested in a test/development environment before being deployed to production servers. Internal IT staff agree and sign off on implementation to production, including patch management and execution of Zero Day patching processes.
The same processes are in place for infrastructure and network changes. To further minimise risk, we work with all third-party vendors to stringently ensure that compliance and performance capabilities remain the same as or better than before. All production system changes are logged for each application, system, database, infrastructure, and other services.
Our information security capabilities for threat and vulnerability management follow the National Institute of Standards and Technology (NIST) and UK Cyber Essentials Plus cybersecurity framework guidelines. These guidelines provide for the controls Soutron has in place to detect, prevent, and recover from malicious code, in addition to our security logging and review process.
The network topology is straightforward. The network security solutions Soutron has in place enable us to provide a secure platform using technologies such as HTTPS within our application, Single Sign-On (SSO), IP Whitelisting, multi-factor authentication for remote access, a robust network firewall, and other internal application configurations. Augmented by robust device management security, these policies protect your confidential information.
The Soutron application runs on a web server and the data is stored in a separate database server housed within a secure datacentre facility. These servers are protected by a robust firewall. Access to the servers is controlled by an AD server hosted on the same virtual network within the datacentre.
Cybersecurity awareness and knowing how your applications and data are securely protected is more important than ever, and your organisation can rest assured that Soutron follows current cybersecurity frameworks and standards to ensure your collections are stored securely, access and use are securely controlled, and personally identifiable information contained in your system is securely stored and compliant with GDPR regulations.
1989 – 2024 © Soutron Global Inc – All Rights Reserved