banner
banner

SBS IT Infrastructure

SECURITY & CONFIDENTIALITY PRACTICES

SBS has in place a set of “Information Security Management Policies and Practices” designed to protect the security and confidentiality of customer data received, held and transmitted back to customers in the course of providing services.

Key features of the policies and practices are enumerated below:

SERVICES:

  • Services are provided to customers only from SBS’s IT environment by SBS employees
  • Provision of service to customers is not “outsourced” to subcontractors

PREMISES:

  • SBS delivery centers operate out of premises where SBS has legal right to operate business under a registered lease
  • SBS premises are fully ring fenced and all access points are:
    • operated with two levels of authentication (biometric and proximity cards)
    • fully guarded on a 24 x 7 basis
    • monitored by closed circuit cameras
  • The service delivery zone within SBS premises is:
    • accessible only on a “need to access” basis
    • accessible by a proximity card
    • monitored by close circuit cameras
  • Employees are prohibited from bringing in any phone, computer or device into service delivery zone
  • All inward and outward movement of goods are recorded and authenticated
  • All paper waste are shredded first before removal
  • All computer equipment are blanked out before remova
  • All visitors are subject to a Visitor management system. Unauthorized people cannot enter premises
  • All incoming materials are receipted at gate, inspected and forwarded to appropriate custodians within SBS
  • The service delivery zone where client processes are managed is kept “paper free” as much as possible. In the rare instances when presence of paper is inevitable (due to the nature of the process), a “clean desk policy” is enforced when employees are away from desk even for a very short period
  • All areas in service delivery premises (other than cafeteria and personal comfort rooms) are subject to video camera surveillance on a 24 x 7 basis. Video records are kept in archives for 30 days

TECHNOLOGY INFRASTRUCTURE:

  • SBS network is fully ring fenced and protected against virus, intrusion and denial of service attacks
  • SBS network is protected against wireless access; access permitted only to recognized devices
  • Connection with customer networks would be, as far as possible, through VPN circuits
  • Workstations would not facilitate
    • any removable storage media (including CDs/DVDs, USB/Flash drives)
    • storage of data; all storage would be in Central Storage areas
    • access to internet
    • access to emails that can transmit messages to addresses other than an approved list of addresses
  • Access to individual workstations would be controlled through user ID and password unique to each employee
  • Access to customer systems would be through masked utilities. User ID and password for accessing customer systems will not be made known to employees
  • Access to central storage would be on a need to know basis
  • Business continuity capacity will be maintained at a different delivery center (in same city) for providing up to 20% of total capacity to handle mission critical processes. (This is optional service & would involve a higher pricing)
  • Emails are encrypted relating to inward/outward transmission of work would be received/sent through an impersonal email id monitored by shift supervisors so that absence of any one individual does not affect flow of communication
  • SBS FTP servers are SFTP enabled and are hosted in Australia to meet compliance requirements
  • All computing equipment are purchased from original equipment manufacturers with warranty
  • All software licenses are original and procured from approved vendor

ACCESS TO CLIENT NETWORK/SYSTEMS AND TRANSFER OF DATA:

  • If Client processes involve access to Client’s network such access is through a IPSEC VPN to prevent unauthorized access from locations outside SBS’s network
  • If Client processes involve access to Client systems/data whether hosted within Client’s network or in publicly hosted systems, such access shall be through User identities and Passwords that are not visible to employees and are invoked from encrypted utilities held in central storage through authorized workstations by authorized employees to prevent unauthorized access to Client Systems/data from locations outside SBS network
  • All transfer of files between SBS and Client (except when uploaded to or downloaded from Job management systems) is through FTP and not as attachments to emails. Where email is the only feasible method of transmission (because of restrictions at Client’s premises) email facilities shall be restricted to send emails to specified Client addresses alone

CLIENT DATA:

  • All data from Clients are held as confidential in designated areas in our central storage server within our service delivery centre and made accessible to employees on a strict “need to know” basis. Senior management is presumed to have no need to know Client data unless proven otherwise.

BUSINESS CONTINUITY:

  • Each service delivery centre of SBS has a dedicated back-up centre capable of continuing service for up to 20% of primary centre’s workload within 1 hour to handle mission critical work. Business continuity arrangements for individual Clients vary based on mission criticality of work and contractual terms. . (This is optional service & would involve a higher pricing)
  • The back-up delivery centre is connected to primary delivery centre; and does not depend upon primary centre’s network, central servers/storage, computing assets or connectivity to kick in and continue operations. It has a parallel set of network assets, central servers/storage, computing assets and connectivity to internet.
  • Data held in the central storage of primary delivery centre is backed up at specified frequency into the storage of back up delivery centre to minimize the impact of any disruption.
  • All computing assets used in SBS are original brand assets with warranty support from authorized vendors. All off-the-shelf software used in SBS is licensed from authorized vendors. Deployment of unauthorized or pirated software is prohibited. All in-house developed software are subject to formal change control processes and source codes are held in independent custody in a fireproof vault with Company’s bankers.
  • Every service delivery centre has connectivity bandwidth from at least two vendors, using at least two media, in two directions and in the case of international bandwidth using two different undersea cables. Connectivity bandwidth for each delivery centre is at least 150% of maximum requirement (primary 100% and secondary 50%).

SERVICES

  • Services are provided to customers only from SBS’s IT environment by SBS employees
  • Provision of service to customers is not “outsourced” to subcontractors

PREMISES

  • SBS delivery centers operate out of premises where SBS has legal right to operate business under a registered lease
  • SBS premises are fully ring fenced and all access points are:
    • operated with two levels of authentication (biometric and proximity cards)
    • fully guarded on a 24 x 7 basis
    • monitored by closed circuit cameras
  • The service delivery zone within SBS premises is:
    • accessible only on a “need to access” basis
    • accessible by a proximity card
    • monitored by close circuit cameras
  • Employees are prohibited from bringing in any phone, computer or device into service delivery zone
  • All inward and outward movement of goods are recorded and authenticated
  • All paper waste are shredded first before removal
  • All computer equipment are blanked out before remova
  • All visitors are subject to a Visitor management system. Unauthorized people cannot enter premises
  • All incoming materials are receipted at gate, inspected and forwarded to appropriate custodians within SBS
  • The service delivery zone where client processes are managed is kept “paper free” as much as possible. In the rare instances when presence of paper is inevitable (due to the nature of the process), a “clean desk policy” is enforced when employees are away from desk even for a very short period
  • All areas in service delivery premises (other than cafeteria and personal comfort rooms) are subject to video camera surveillance on a 24 x 7 basis. Video records are kept in archives for 30 days

TECHNOLOGY INFRASTRUCTURE

  • SBS network is fully ring fenced and protected against virus, intrusion and denial of service attacks
  • SBS network is protected against wireless access; access permitted only to recognized devices
  • Connection with customer networks would be, as far as possible, through VPN circuits
  • Workstations would not facilitate
    • any removable storage media (including CDs/DVDs, USB/Flash drives)
    • storage of data; all storage would be in Central Storage areas
    • access to internet
    • access to emails that can transmit messages to addresses other than an approved list of addresses
  • Access to individual workstations would be controlled through user ID and password unique to each employee
  • Access to customer systems would be through masked utilities. User ID and password for accessing customer systems will not be made known to employees
  • Access to central storage would be on a need to know basis
  • Business continuity capacity will be maintained at a different delivery center (in same city) for providing up to 20% of total capacity to handle mission critical processes. (This is optional service & would involve a higher pricing)
  • Emails are encrypted relating to inward/outward transmission of work would be received/sent through an impersonal email id monitored by shift supervisors so that absence of any one individual does not affect flow of communication
  • SBS FTP servers are SFTP enabled and are hosted in Australia to meet compliance requirements
  • All computing equipment are purchased from original equipment manufacturers with warranty
  • All software licenses are original and procured from approved vendor

ACCESS TO CLIENT NETWORK/SYSTEMS AND TRANSFER OF DATA

  • If Client processes involve access to Client’s network such access is through a IPSEC VPN to prevent unauthorized access from locations outside SBS’s network
  • If Client processes involve access to Client systems/data whether hosted within Client’s network or in publicly hosted systems, such access shall be through User identities and Passwords that are not visible to employees and are invoked from encrypted utilities held in central storage through authorized workstations by authorized employees to prevent unauthorized access to Client Systems/data from locations outside SBS network
  • All transfer of files between SBS and Client (except when uploaded to or downloaded from Job management systems) is through FTP and not as attachments to emails. Where email is the only feasible method of transmission (because of restrictions at Client’s premises) email facilities shall be restricted to send emails to specified Client addresses alone

CLIENT DATA

  • All data from Clients are held as confidential in designated areas in our central storage server within our service delivery centre and made accessible to employees on a strict “need to know” basis. Senior management is presumed to have no need to know Client data unless proven otherwise.

BUSINESS CONTINUITY

  • Each service delivery centre of SBS has a dedicated back-up centre capable of continuing service for up to 20% of primary centre’s workload within 1 hour to handle mission critical work. Business continuity arrangements for individual Clients vary based on mission criticality of work and contractual terms. . (This is optional service & would involve a higher pricing)
  • The back-up delivery centre is connected to primary delivery centre; and does not depend upon primary centre’s network, central servers/storage, computing assets or connectivity to kick in and continue operations. It has a parallel set of network assets, central servers/storage, computing assets and connectivity to internet.
  • Data held in the central storage of primary delivery centre is backed up at specified frequency into the storage of back up delivery centre to minimize the impact of any disruption.
  • All computing assets used in SBS are original brand assets with warranty support from authorized vendors. All off-the-shelf software used in SBS is licensed from authorized vendors. Deployment of unauthorized or pirated software is prohibited. All in-house developed software are subject to formal change control processes and source codes are held in independent custody in a fireproof vault with Company’s bankers.
  • Every service delivery centre has connectivity bandwidth from at least two vendors, using at least two media, in two directions and in the case of international bandwidth using two different undersea cables. Connectivity bandwidth for each delivery centre is at least 150% of maximum requirement (primary 100% and secondary 50%).