LJS is committed to data security and the data quality of information that is either available from or collected by LJS, and has taken precautions based on industry standards to protect information from loss, misuse or alteration. Any third parties responsible for or accessing this data must be committed to the same principles and are required by contract to follow the same policies and guidelines as LJS in protecting this information.
LJS data security measures include, but are not limited to, the following:
|Physical Access||Production hardware are collocated at secure data centers and access to this facility is limited to LJS’ Network Operations Center (NOC) team. The data center is secured 24x7 using, at a minimum, access cards with continuous monitoring of entry, exit and other activity within the data center. LJS offices are locked during non-business hours and secure areas require individualized access cards to gain entry at all times|
|Firewalls||LJS’ network is protected from unauthorized intrusion by hardware firewalls.Accounts and Passwords: LJS maintains standards for all types of data accounts and passwords, including expiration and revocation, format and length, and requirements for locking accounts when not in use|
|Logs||All Production, Development and Backbone servers and related components with logging capability log system, application and/or security activities|
|Upgrades, Patches, Software, and Security Bulletins||Upgrades and patches recommended by manufacturers are evaluated for applicability to the LJS environment. Upgrades and patches designed to resolve potential security or functionality deficits applicable to LJS’ systems are installed on test servers or workstations as they become available and are tested to ensure that functionality and performance are acceptable prior to installation throughout the LJS network.|
|Viruses/Malware||LJS’ systems are protected by routinely updated virus detection and cleaning applications. Virus-infected computers must be removed from the network until they are verified as virus-free. Any activities with the intention to create and/or distribute malicious programs into LJS' networks (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.) are prohibited.VPN (remote) Access: VPN access to LJS’ network is strictly controlled, using password authentication.|
|SSL||Transfer of Critical Risk Data over http to LJS’ network is encrypted using SSL.|