IT Standards and ISO Compliance
EMAPTA is in the process of acquiring our ISO 27001 certification (formally known as ISO/IEC 27001:2005), the standard specification for an Information Security Management System (ISMS).
As such, ISO-compliant policies, processes and procedures are embedded in our operations to ensure Clients get only exceptional, world-class service delivery. Below are the key aspects of our functions and processes:
Access Control
- Computers authenticate against a Domain and Users have unique accounts
- Network shares are controlled by Access Control Lists
- Computer terminals are locked after five minutes of inactivity
- Company backups are encrypted
- Capability to disable USB storage devices
Information Security Incident Management
- Network Monitoring Systems poll infrastructure, core services, and devices
- In the event of a failure, our 24/7 Network Operations Centre is notified and addresses the issue in accordance with business impact
Risk Assessment
- Bi-annual firewall penetration testing
- Monthly system backup tests
Organising Information Security
- Our IT Department operates with key guidelines tailored to each client’s exact requirements
- Processes are customised for each company’s specific requirements
Human Resources Security
- Stringent HR screening policies ensure only suitable candidates are placed
- Induction process incorporates security guidelines
- Clearly documented staff exit procedures protect our clients’ intellectual property
Physical and Environmental Security
- All sites are located in buildings manned by security personnel at all entry and exit points
- All EMAPTA sites and offices have biometric authentication systems for verifying identity and for controlling and recording all staff movements
Asset Management
- Hard and soft assets are registered in our Asset Management database
- Core equipment is secured in our climate-controlled server rooms
Information Systems Acquisition, Development & Maintenance
- EMAPTA’s IT Department implements security mechanisms for local workstations and servers, and VPNs and VLANs for clients’ workstations
- Workstations are protected by market-leading antivirus
- Firewalls and public-facing devices are regularly patched and updated
Business Continuity Management
- Multiple levels of redundancy in our Internet connectivity and core hardware including switches and firewalls
- Disaster recovery and expansion options in Eastwood and Makati
ISO Compliance
- Regular IT audits (firewall testing and internal vulnerability scanning)
- Multi-level testing and inspection of workstations prior to deployment to staff
- Client installations checked against procedure document before ‘going live’