Proactive Security. The Proactive Security provision of the Managed Hosting Support services are described in Core Support Section A.7.4.7
Proactive Security. The Proactive Security provision of the Managed Platform Support services are described in Core Support Section A.7.4.7
Proactive Security. The Service Provider maintains a Cloud Security Policy based on the Cloud Security Guidance published by the United Kingdom’s National Cyber Security Centre (xxxxx://xxx.xxxx.xxx.xx/collection/cloud-security). Over and above, the provision of the Cloud Security Policy, The Service Provider also includes the following security activities as part of its Managed Hosting Support, Managed Platform Support and Managed Application Support services.
Proactive Security. The Proactive Security provision of the Managed Application Support services are described in Core Support Section A.7.4.7 A.7.5.5 Application Changes (Upgrades) The Service Provider shall include the analysis, implementation and documentation of changes to the Application (Application Changes). Application Changes are defined as any single group of modification(s) to the code base of the Application. The number of such changes included is defined in Section A.6. Additional Application Changes may be requested but are chargeable separately according to the Rate Card in A.5.1
Proactive Security. Vulnerability Assessments Amplify periodically engages a security consulting firm to conduct risk assessments, aimed at identifying and prioritizing security vulnerabilities. The Information Security Committee coordinates remediation of the vulnerabilities. The security consulting firm also provides ongoing advice on current risks and advises on remediation of vulnerabilities and incident response. Penetration Testing Amplify engages third-party firms to continually conduct application penetration testing. The purpose of this testing is to test for application security vulnerabilities in the production environment. We work with third party penetration testing program partners. Third-party testing involves a combination of automated and manual testing. Vulnerability Management Amplify maintains a comprehensive vulnerability management program based on the proactive functions of the NIST Cybersecurity Framework Core: ● Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. ● Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. ● Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The implementation of these functions includes: ● Risk Assessment conducted by industry-leading third parties ● External vulnerability scans conducted by industry-leading third parties ● Internal vulnerability scans and configuration scans ● Intrusion Detection Systems ● Penetration testing conducted by third parties Endpoint Security Access to production systems at Amplify is restricted to a limited set of internal Amplify users to support technical infrastructure, troubleshoot customer issues, or other purposes authorized by the district. In addition, Amplify is completing implementation of two-factor authentication methods for access to all production systems. Two-factor authentication involves a combination of something only the user knows and something only the user can access. For example, two-factor authentication for administrative access could involve entering a password as well as entering a one-time passcode sent via text message to the administrator’s mobile phone. The use of two-factor authentication reduces the possibility that an unauthorized individual could use a compromised password to access a system. Infrastructure Security Network filtering technologies are used to ensure th...
