 |
|
|
ASP Advantage : Best Practices : Detailed Best Practices |
||||||
|
 |
|
|
||||||
|
|
|
WTS adheres to industry best practices for IT outsourcing. The categories evaluated include Organizational and Administrative Controls, Physical Security and Environmental Controls, Logical Access Controls, Backup and Recovery, System Availability and Performance, and Change Controls. Below is a list of the best practices WTS follows. Organizational and Administrative ControlsControl policies and procedures provide reasonable assurance that trustworthy personnel are recruited, trained, and assigned to defined and properly segregated roles. Procedures exist in support of Recruiting policies, Personnel Background Checks, Training, Employee Separation, Segregation of Duties, Job Descriptions, Policy Directives, Standards, and Responsibilities. Physical Security and Environmental ControlsControl policies and procedures provide reasonable assurance that hardware, software, data, confidential information, and communication facilities are protected from damage, destruction, and unauthorized use. Procedures exist in support of Physical Access to the Data Center, Physical Access to the Network, and Environmental Controls. Logical Access ControlsControl policies and procedures provide reasonable assurance that logical access management is supervised and that access to operating systems, programs, and data is limited to properly authorized individuals. Procedures exist in support of Security Administration, Security Configuration of the Computer Equipment, Protection of Customer Data, Protection of Data from the Customer’s Own Employees, Protection of Data from WTS’s Employees, and Security Configuration of the Network. Backup and RecoveryControl policies and procedures provide reasonable assurance that an effective backup and recovery plan as well as a media library management system is in place to assure the continuation of business in the event of an interruption or other failure. Procedures exist in support of Backup Provisions, Media Library Management, and Network Backups. System Availability and PerformanceControl policies and procedures provide reasonable assurance that system operation and resources will be adequately managed in order to maximize system availability and performance. Procedures exist in support of Power Outages, Equipment Failure, Telecommunications Failure, Hardware Capacity Planning, Network Capacity Planning, Routine Maintenance, and Problem Management and Customer Support. Change ControlsPolicies and procedures provide reasonable assurance that WTS manages hardware and software acquisitions and changes in a controlled and consistent manner. Procedures exist in support of Software Acquisition, Changes in Hardware, Authorization of Customer Initiated Change Requests, Authorization for WTS Initiated Change Requests, Changes in Software, and System Changes. User Organization ControlsPolicies and procedures provide reasonable assurance that WTS manages changes in Application Level Security, Securing Network Equipment at the customers Location, Reporting Security Breaches, Unattended Workstations, Change Management Controls, Dial-up Access, Internet Access, and Business Continuity. Disaster Recovery and Business ContinuityPolicies and procedures provide reasonable assurance that WTS manages for potential disruptions in operations by developing a business continuity plan. The plan assists WTS in effectively planning for, and acting upon, during emergencies that might impact operations of their customers. WTS has invested in standby hardware, servers, and network equipment at a backup data center. On a daily basis, customer data is sent from the production data center. Periodic rehearsals of the disaster recovery plan are executed to ensure that the plan is working properly. About WTS | ASP Advantage | Solutions | Case Studies | Contact Us | Site Map
© Copyright 2002-2008 WTS, Inc. | Terms of Use | Privacy Statement |
||||||
