Information is an essential asset and is vitally important to business strategic objectives and operational viability of both Linedata and its valued Customers.
One of Linedata top priority is ensuring, within every region and country that we operate in, that information assets are protected, reducing the risk of confidential information disclosure, alteration, or destruction; whether it be accidental or intentional.
Linedata’s Information Security Program draws heavily from the ISO/IEC 27001, ISO 27002 and ISO 27005 standards, and subsequently utilizes a risk management approach to Security utilizing processes and tools,
We strive to proactively meet regulatory and compliance requirements, with a global team of expert Information Security professionals.
Linedata’s Information Security Program objectives are the following :
- To ensure confidentiality and integrity of software and data delivered by Linedata to its customers;
- To ensure data availability, integrity and confidentiality with respect to the use of computer networks and information assets within Linedata;
- To ensure services availability pertaining to those services provided to Linedata’s customers and internal stakeholders;
- To assess, identify, prioritize, manage internal and external threats and vulnerabilities.
Linedata’s Information Security Program extends through risk-targeting operational facets:
Linedata follows secure application development and maintenance processes to minimize unauthorized access, data alteration, or downtime risks of Linedata applications.
Internal Professional Services and Software Development Groups develop software applications based on industry best practices, incorporating security throughout our software development life cycle (SDLC).
Linedata developers are educated, and kept up-to date with regards to evolutions of Secure Coding Practices, general development practices, common web security practices, and Threat Modeling (OWASP, BSIMM).
Penetration and vulnerability testing
As a part of the application development lifecycle, we are testing our assets and developed applications. Linedata performs both penetration and vulnerability. Manual and automatic scanning techniques are employed to ensure that systems remain secure to the outside world.
Hosting security (segregation of client data environments)
As a part of our Infrastructure Security Program, we put our focus on Hosted Infrastructure Security.
As a software provider for financial services firms all over the globe, security for Linedata is a top priority. ASP systems must meet the requirements of banking regulators in multiple jurisdictions and multiple countries as well as the individual needs of each customer. Overall, Linedata systems are primarily designed around the Gramm–Leach–Bliley Act (GLBA) Safeguards Rule, as they store and process financial transaction information, as well as our client’s clients personally identifiable information for financial services customers.
A comprehensive Role Based Access Control (RBAC) program is in place within Linedata, ensuring that only personnel with valid business requirement and need can access assets and data based upon their access rights. All access is monitored, and there exists multiple gates for requesting and granting access.
Monitoring and Response
Linedata has incorporated people, process and technology into its monitoring of solutions, network operations, as well as application and functionalities. Linedata’s network and associated assets are closely monitored for any events that require an immediate security response.
Business Continuity and Disaster Recovery
Data is regularly and securely backed up at Linedata to ensure swift recovery in the event of an incident. Business Continuity Plans and Disaster Recovery Plans are regularly tested on production assets and systems to ensure successful operation in the case of an emergency.
Linedata undergoes regular internal and external audits to ensure compliance with various laws and regulations within our numerous operating countries, regions and locations.
Linedata also ensures that any relevant third parties meet the same requirements and undergo the same rigorous audit testing. All audit results are made available to applicable stakeholders.