Security and trust

A relationship of trust begins with transparency in security

Security and trust

From GlobalSUITE Solutions we believe in security as a differentiating element in the search for trust on the part of our customers. That is why our services and processes have been born taking into account this requirement since its design.

Part of this effort has crystallized in having an integrated management system that allows the governance of our processes and is certified in ISO 27001, ISO 22301, ISO 9001, ISO 20000, ISO 37001 and UNE 19601 . This framework provides us with the tools needed to address the organization’s objectives, manage risks, and define the necessary controls.

PHYSICAL SECURITY

Work centres Data centers

We have controls in our workplaces that prevent access by unauthorized personnel, both automated and face-to-face. This allows us to provide our services closely without leaving aside security.

Access by non-organizational personnel is under internal supervision, providing limited access in relation to the purpose for which they entered our facilities.

In all our centers we have physical controls that allow the detection of anomalies (CCTV systems, alarms, etc.) and react to them quickly.

To achieve a good service, GlobalSUITE ® uses three localized data processing centers that allow the provision of the service in the face of unavailability in one of them.

These data centers are internationally recognized for the quality and security in the provision of their services, having different certifications that require them to have top-notch controls for physical access to meet their commitments to ensure the security of the information that is hosted in them.

The security measures implemented range from rigorous access controls only by authorized personnel and at all times accompanied by internal personnel of the organization, to optimal management of environmental and supply conditions.

All access logs, including authorized personnel, will be available at any time and will be treated internally as a security incident within GlobalSUITE Solutions to identify the root cause and prevent its future occurrence.

INFRASTRUCTURE SECURITY

Network Security Detection and prevention
Intruders

Our security strategy in the provision of services follows the principles of defense in depth, applying controls at each of the layers that result in a robust infrastructure on which GlobalSUITE is supported®.

Following this principle, in the first instance, in addition to the controls proposed by the different service providers that connect us to the Internet, we have Perimeter firewalls to prevent unauthorized access, also allowing the segmentation of the different components into separate networks, thus improving the efficiency and security of the information.

Our infrastructure is configured in high availability,to ensure the availability of the service in the event of physical or logical breakdowns. In the same way, active monitoring of all network elements is available to ensure their proper functioning and alert to possible suspicious activities or anomalies.

As an additional protection measure, the architecture has services that enable cleanup, network routing, and filtering to manage attacks from previous layers.

Our communications network has intrusion prevention and detection systems, with probes at both the network and host level (NIDS and HIDS, respectively). This architecture allows us to identify anomalos events both on the network and on the servers used to provide our service and act automatically in the face of malicious events.

In addition, the application has an application-level firewall,or WAF, that allows you to react to requests considered malicious against known or behavior-based attacks.

The infrastructure supported by GlobalSUITE® has implemented mechanisms for the detection and prevention of intrusions, established from an IDSs architecture on Host and Network (HIDS and HIPS).

All of this is centrally managed through our information management system and security events, or SIEM, which allows us to monitor and correlate the events produced by our agents, notifying in a timely manner and viewing in real time the actions.

DATA SECURITY

Safety from design Data isolation Encryption Data privacy

The platform together with all the functionalities developed for GlobalSUITE® are the consequence of a development process that takes into account security both in the design of the product and in its functionality.

Safety is present at every stage of the system development and design cycle,from defining requirements to validations performed,internally and externally, at the production stage.

An example of this is the integration of the recommendations of the OWASP guide into the different stages that make up the aforementioned cycle, ensuring that the final product does not contain known vulnerabilities.

Segregation of our infrastructure also allows us to logically divide the storage of our customers’ data, offering an additional measure of protection in access to them.

This level of isolation allows us to ensure the confidentiality of the information of each of the customers, avoiding unauthorized access.

The tool has encryption of data in transit, protecting customer data over public networks using encryption protocols that prevent its visualization.

All connections made to GlobalSUITE® have encryption using the TLS 1.2 protocol,providing an additional level of security at the transport layer and being impossible to negotiate a version prior to it.

This level of protection is implemented on all connections, including Web Access and APIs used by the tool.

The privacy of your data is important to us, and we also know how important it is to you. That is why we consider transparency about our data collection process,the use of data and whether we could share it vital.

At GlobalSUITE® we do not access personal data or collect, store or process it for any purpose. We simply use them to offer you the best service and be able to contact you in case you need it. You can see more in our privacy policy.

The providers used for the provision of the service comply with the same security conditions as us, implementing security measures higher or equivalent to those required.

Upon termination of the organization’s contractual relationship with its customers, compliance with data retention deadlines or after a request by the customer will be made a secure destruction of the information.

OPERATIONAL SECURITY

Vulnerability management Backups and replication Business continuity Hardering servers

The organization has a vulnerability management process that allows the implementation of the different changes reported by the manufacturers, as well as configuration failures that could lead to a security problem.

This process has several input activities, such as the detection of possible vulnerabilities by our internal team,an external team that performs periodic audits or by the manufacturers themselves using the communication channels arranged for this purpose.

These reviews are managed internally,also actively analyzing all external security reports and news or communications from stakeholders that could affect the infrastructure or the correct provision of the service.

All detected vulnerabilities, regardless of the origin of these, are prioritized, identified their root cause, put in place a contingency measure as quickly as possible to avoid the possibility of vulnerability, and finally, resolved.

All data has a backup that guarantees its availability. This support process includes a variety of strategies and policies that span the entire data cycle, from its creation to its destruction

Our replication policy includes storage in relocated centers, in order to prevent the loss of availability of the same in the event of an incident that entails the impossibility of providing the service from the main CPD. Our backup policy has associated activities that aim to ensure validation and correct restoration of information on a regular basis, thus eliminating possible errors in the replication process.

In order to prevent the loss of confidentiality of backup data, all of it is encrypted using secure standards, both at source and at destination.

The organization has a business continuity management system, SGCN stands for, ISO 22301 certified, regularly audited and thus ensuring the complete updating of the various components that form it, such as the disaster recovery plan and the business continuity plan.

Each of the three CPDs that make up GlobalSUITE’s infrastructure® has power backup, temperature control, fire prevention systems; having different certifications that show the correct condition of security measures, being audited on a regular basis.

Our business continuity process also accommodates internal services for the proper functioning of GlobalSUITE®, achieving a complete service resilience.

The production of a server to execute activities within the organization has a previous stage of “Hardering” that allows us to reduce vulnerabilities derived from the default configurations.

This Hardering process is constantly evolving, in parallel with the new services and vulnerabilities of the industry, however, always guided by the good practices of the CIS (Center for Internet Security) guides.