-
Physical Security – Data Centers
The following controls apply to Selerum’s provision of Hosting Services.
1.1 Servers and devices dedicated to your use as part of a Hosted System provided by Selerum will be located in a controlled access data center (or portion thereof) either operated by or dedicated to use by Rackspace Inc., Google Inc. or Amazon Inc.
1.2 Selerum uses hosting providers that make use of an Electronic Access Control System managed by a professional security guard force in line with its current processes. Vendor’s access logs are retained for a period of at least twelve (6) months.
1.3 Access to the raised production floor of the data halls is restricted to Vendor’s employees or its agents who need access for the purpose of providing the Services. Access within data center facilities is in zones and provisioned based on physical access rights required by a given individual.
1.4 The Vendor’s data center will be staffed 24/7/365 and will be monitored by video surveillance, recording to a centralized location and viewed by the onsite security force.
1.5 Entrance to the data center will be authorized by proximity-based access cards and biometric hand scanners or other approved security authentication methods.
-
Information Security Controls
Selerum uses third-party hosting providers that engage qualified third-party auditors to perform examinations of its systems and services in accordance with: the best practice recommendations of ISO 27002, for the purpose of auditing the Vendor’s compliance with ISO 27001; SSAE 16 and ISAE 3402 compliance frameworks, and the AT 101 compliance framework (based upon select Trust Services Principles); and/or equivalent industry standards. The Vendor’s annual SOC report(s) or suitable equivalent standard(s) are available to Customer upon the Customer’s request subject to the Vendor’s SOC distribution requirements. Not all Vendor Services are included in the scope of the SOC report(s) or audits described above; for details, please contact your account manager.
-
Selerum Personnel
3.1 Screening. Selerum will perform pre-employment background screening of its employees who have access to customers’ accounts, and is committed to employee supervision, training, and management.
3.2 Selerum Access. Selerum will restrict the use of administrative access codes for customer accounts to its employees and other agents who need the access codes for the purpose of providing the Services. Selerum personnel who use access codes shall be required to log on using an assigned user name and password.
3.3 Customer Access. As the primary system administrator, the customer is responsible for the management of their accounts, including creation, change management, and termination, and enforcement of related remote working and password controls.
-
PCI-DSS
With respect to the security of cardholder data, as that term is defined in the Payment Card Industry-Data Security Standard, that we may possess or otherwise store, process or transmit on Customer’s behalf, Selerum agrees to provide (i) those physical, technical, and administrative safeguards described in your Agreement with Selerum and (ii) the Services selected by you and described in the applicable Service Description; provided that Customer remains responsible for ensuring all PCI-DSS requirements are met with respect to such cardholder data. Selerum selects vendors with PCI-DSS Service Provider, or equivalent, accreditation with regard to dedicated infrastructure Hosting Services (excluding managed virtualization services).
-
Reports of and Response to Security Breach
Selerum will report to you as soon as reasonably practicable in writing of a material breach of security of the Hosted System which results in unauthorized access to your Customer Data of which we become aware, in accordance with applicable law. Upon request, we will promptly provide to you all information and documentation that we have available to us regarding your Hosted System in connection with any such event.
Source URL: http://www.selerum.com/legal/securitypractices
© 2016 Selerum, Inc