Shared Assessments (“SIG questionnaire”) allows organizations to build, customize, analyse and store vendor assessments for managing third-party risk.
The SIG questionnaire framework helps assess Antlysis against risk areas including cybersecurity, IT, privacy, data security, and business resiliency, and is aligned to many industry standards (i.e., ISO/IEC 27002:2013, PCI, NIST SP 800-53 Rev 4, HIPAA, and GDPR).
Antlysis has filled out the SIG core questionnaire, answering 956 controls questions scoped to CSA CCM and ISO/IEC 27002 controls.
The SIG questionnaire may be requested via the Compliance Reports Manager. Potential customers can reach out to sales for more information.
Furthermore, our organisation has created an information security management program (ISMP) that outlines the concepts and procedures for maintaining Trust and Security initiatives. We do so by assessing threats to our operations on a regular basis and strengthening the security, confidentiality, integrity, and availability of our development and production environments. We review and update security policies on a regular basis, execute application and network security testing, and track compliance with security policies.
Our company will manage access to company information and customer information based on business needs and in line with our company values. Refer to our Risk Management Program for more detail on our governance and commitment
The general ideas and standards for Access Management are outlined in this policy. For additional information, see our employee handbook.
This policy sets out the general principles and guidelines for management of our company’s IT assets and how those assets should be handled. Refer to our employee handbook for more detail.
This policy establishes the general principles that guide our approach to the resilience, availability, and continuity of our company’s processes, systems, and services. It specifies the processes for business continuity, disaster recovery, and crisis management. For more information, see our Business continuity and disaster recovery management document.
When creating and granting access for a new end user account:
Passwords we create should have an entropy of at least 100 bits. Password entropy is a measure of password strength. This can be achieved by following the guide below:
Secondly, all members of the company should be aware that passwords and passphrases must not be:
Should a staff member believe their password/phrase has been compromised or made available to others, they must immediately reset/change their password and notify the respective members of the IT department.
Thirdly, passwords/phrases shall be changed on a regular basis according to the following schedule:
This policy establishes the broad principles and guidelines for managing the security of our communications and networks.
This policy establishes and defines data classification ratings and includes descriptions, examples, requirements, and guidelines regarding the treatment of data included within each classification rating. The classification ratings are based on legal requirements, sensitivity, value, and criticality of the data to our company, our company’s customers, and our company’s partners and vendors. Refer to our Guidelines for Data Classification document for more detail.
This policy sets out the general principles and guidelines for securing our buildings, our offices and securing our equipment.
This policy sets out principles to ensure that our company implements appropriate security measures that help protect data privacy. Below are a few steps we take to ensure privacy protection:
This policy establishes the general principles and guidelines for our company’s response to actual or suspected security incidents. Our company is responsible for keeping an eye out for incidents within the organisation that may jeopardise the confidentiality, integrity, or availability of information or information systems. Every suspected incident must be reported and investigated. For more information, see our Computer Security Incident Handling Guide.
This policy establishes the general principles and guidelines for selecting, engaging, monitoring, and offboarding suppliers. More information on the Third-Party Risk Management Program can be found in our Risk Management Program.