Access and Site Controls. (a) Site Controls. On-site Data Center Security Operation. Google’s data centers maintain an on-site security operation responsible for all physical data center security functions 24 hours a day, 7 days a week. The on-site security operation personnel monitor closed circuit TV (CCTV) cameras and all alarm systems. On-site security operation personnel perform internal and external patrols of the data center regularly. Data Center Access Procedures. Google maintains formal access procedures for allowing physical access to the data centers. The data centers are housed in facilities that require electronic card key access, with alarms that are linked to the on-site security operation. All entrants to the data center are required to identify themselves as well as show proof of identity to on-site security operations. Only authorized employees, contractors and visitors are allowed entry to the data centers. Only authorized employees and contractors are permitted to request electronic card key access to these facilities. Data center electronic card key access requests must be made through e-mail, and requires the approval of the requestor’s manager and the data center director. All other entrants requiring temporary data center access must: (i) obtain approval in advance from the data center managers for the specific data center and internal areas they wish to visit; (ii) sign in at on-site security operations; and (iii) reference an approved data center access record identifying the individual as approved. On-site Data Center Security Devices. Google’s data centers employ an electronic card key and biometric access control system that is linked to a system alarm. The access control system monitors and records each individual’s electronic card key and when they access perimeter doors, shipping and receiving, and other critical areas. Unauthorized activity and failed access attempts are logged by the access control system and investigated, as appropriate. Authorized access throughout the business operations and data centers is restricted based on zones and the individual’s job responsibilities. The fire doors at the data centers are alarmed. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, and shipping/receiving. On-site security operations personnel manage the CCTV monitoring, recording and con...
Access and Site Controls. Control Activities and Processes. Control activities provide reasonable assurance that logical access to relevant applications, data and system resources is restricted to properly authorized individuals and programs. Sprinklr Tech Operations team is responsible for configuration and administration of the firewall and security groups to control security and access to “internal” network infrastructure. Backend infrastructure requires two level access mechanisms. For Linux servers, public key based SSH authentication is used to access the Access Server. From Access Server, LDAP authentication is used to access other servers. LDAP authentication is based on User ID and Password. For Windows servers, RDP over SSL is used for both legs. Access to applications is achieved via HTTPS, providing secure encrypted transport sessions to the application. Sprinklr defines user access using role-based access control (RBAC) approach, where role is used to determine user access to only required features and functions. All sensitive data used by the system is stored encrypted, and direct access privilege to data store instances is given to database administrators only. There is no direct end-user access to data store. End-user access is available only via the application. The completion of the SOC 1 Type I examination typifies Sprinklr’s continued commitment to create and maintain the most stringent controls needed to ensure the highest quality and security of service provided to its Customers. The system is deployed on Linux and Windows server instances via Amazon Elastic Compute Cloud (EC2) managed service, which provides reliable and flexible server deployment including OS level patches. Firewalls and host-based intrusion detection systems are deployed on the system. All security monitoring systems including, but not limited to, firewalls and host intrusion detection systems are deployed and enabled. All infrastructure platforms and services (operating systems, web servers, database servers, firewalls, etc.) are configured according to industry best practices. Sprinklr Tech Operations team is responsible for configuration and administration of the firewall using AWS security groups to control security and access to “internal” network infrastructure. The Data Importer has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. The Data Importer’s infrastructure security personnel are responsible...
Access and Site Controls
