This code of practice focuses on information security management.  It recognises that information is a vital business asset.  Consequently, all information and the associated management processes, systems and networks, requires appropriate protection.

 

The code of practice is aimed primarily at end-user (Customer)  organisations, though some elements of it extend to the services provided by third parties and specifically outsource partners.  DigiPlex recognises the obligation to support its Customers in achieving compliance in these areas.  The following paragraphs refer to relevant sections of the standard Code of Practice and summarise the DigiPlex response.

We appreciate that all information processing facilities must operate in ways that are consistent with Customer security policies and have appropriate controls in place.  DigiPlex works with each Customer to ensure that all such needs are met.

 

Confidentiality and non-disclosure agreements form a standard part of the DigiPlex operating principles and are included in contract documentation.

 

DigiPlex will participate in and support the risk assessment procedures of Customers, working in tandem to put appropriate controls put in place.  DigiPlex’ established policies and procedures facilitate this process.

 

Facilities and day-to-day operational services at the Oslo Centre have been designed with the specific intent of addressing the risks, security controls and procedures that Customers need to consider for the protection of their information systems and networks.

 

The Centre’s physical security strategy creates five concentric security zones, each of which must be passed to access a secure Customer area.  The site grounds and car park are well lit and are enclosed by a high-security fence and security entry gates.  The grounds and fence are under CCTV surveillance.  Through these measures, combined with the demanding specification of the Centre's services and systems, DigiPlex provides a high level of security for customers' environments as standard. 

 

DigiPlex provides complete clarity, through contract documents and related policy statements, regarding responsibilities and procedures for the management and operation of facilities and the delivery of services.  When required, extra controls are defined and implemented to meet specific Customer needs.

 

Access to the Centre is controlled via voice intercom, proximity card reader and PIN code keypads.  Secure Customer modules are monitored via CCTV surveillance at both entry and exit sides of the access doors.  These doors are protected by proximity card readers, PIN code keypads and a manually selectable intruder alarm.  Additional security measures can be developed and implemented if required to meet specific Customer needs.

 

DigiPlex has in place well defined procedures for reporting incidents that might have an impact on the security of Customer assets.  DigiPlex staff are trained in the application of these procedures and are also made aware, as a part of their induction process, of the disciplinary process that applies to any breach of responsibilities.

 

DigiPlex has well defined business continuity procedures in place at the Oslo Centre.  These are designed to counteract interruptions to business activities and to protect Customers' critical business processes from the effects of major failure or disaster.

 

DigiPlex is committed to operating in full compliance with all legal, regulatory and contractual obligations.  Defined polices require comprehensive record keeping and regular performance audits at the Centre.  DigiPlex is committed to cooperating with Customers own compliance procedures.

 

 

DigiPlex is confident that the services provided at the Centre are appropriate for Customers' needs in regard to compliance with ISO/IEC 27002:2005.  At all times we endeavour to support Customers in achieving compliance.  We are committed to best practice in the services we provide.