Security and IP Protection

Intellectual property protection is critical to any company's success. One of the major concerns of companies outsourcing their development work is the security of their data, ideas and IPR. Beyondsoft, fully aware of these concerns, has built and implemented a strict security policy to protect the client’s intellectual property and confidential information. Beyondsoft’s security system is compliant with BS7799/ISO 27001 and has passed security audits by world-renowned consultants such as KPMG and Ernst & Young. Beyondsoft has also successfully passed onsite security audits by clients such as Microsoft, HP, Google, Autodesk and Adobe. All projects executed by Beyondsoft are insured by comprehensive E&O insurance.
Our security management framework covers the following aspects:
- Management Framework
- Regular Audits
- Practices & Enforcement
- Awareness
Security Assets and Procedures
We identify development sites as critical or sensitive business information processing facilities which should be housed in secure areas, protected by a defined security perimeter with appropriate security barriers and entry controls. Access to development sites and buildings is restricted to authorized personnel only. Visitors to secure areas are supervised or cleared, and their date and time of entry and departure are recorded. Within buildings there are further secure areas to which only select people are admitted under access control.
- A clear desk and clear screen policy is introduced to reduce the risk of unauthorized access or exposure of confidential information.
- All fire doors on Beyondsoft security perimeters are alarmed and slam shut.
- All personnel are required to wear a unique form of visible badge and are encouraged to challenge unescorted strangers and anyone not wearing visible identification.
- Access rights to development sites are regularly reviewed and updated.
- Development facilities are sited to avoid access by the public.
- Doors and windows are locked when unattended, and monitoring cameras are fixed on windows, particularly at ground level.
- Monitors are installed in place and regularly tested to cover all external doors and accessible windows. Unoccupied areas are alarmed at all times. Cover is provided for other areas, e.g. computer rooms or communications rooms.
- Back-up media for the development is sited at a safe distance to avoid damage from a disaster at the main site.
- Photographic, video, audio or other recording equipment is not allowed in Beyondsoft unless authorized.
- A UPS to support orderly shutdown is provided for equipment supporting critical business operations.
- A 24-hour video surveillance system and security guard patrol are maintained at Beyondsoft.
- Strict management of Internet access.
- Critical information backup on a daily basis.
- Data and email encryption with PGP or other software as per clients' requests.
- Email server with firewall protection.
- Access to information/knowledge is based on project requirements.
- Beyondsoft has developed a business continuity plan.
- We have a guideline in place to address the security in delivering services by on-site employees.
Data Protection
Beyondsoft client data protection policies and procedures are:
- Data protection policy
- Data backup and disaster recovery plan
- Data access control protection and procedures
- Human resource data access protection
Data Protection Policy
We use the RAID Data Protection Policy. We support high-capacity, high-speed mass storage with continuous data availability, ease of service, scalability and connectivity. The configuration is designed to handle very large databases with no active single point of component failure. It utilizes component and function redundancy to provide full fault tolerance for all microprocessors, control storage, control and data buses, power supplies, and cooling fans. Thus, it can sustain multiple component failures and still continue to provide full access to stored data.
Data Backup and Disaster Recovery Plan
- Data backup
  - Redundancy setup on each main server to ensure uninterrupted service
  - Real-time on-site backup
  - Regular off-site backup
  - Incremental backup: 3 times per week
  - Full backup: once per month
- Data disaster recovery plan
  - Regular backup of all the data and information
  - Backup servers in different locations
Human Resource Data Access Protection
- Beyondsoft enters into a non-disclosure agreement with candidates, who are screened and background-checked prior to employment.
- During employment, we conduct regular training on information security and IPR protection for all employees.
- All staff and security coordinators are assigned responsibilities for maintaining information security as well as the confidentiality of client assets.
- Beyondsoft employees are required to sign an additional individual NDA with the client.
- Beyondsoft reaffirms the specifications which survive the term of the agreement with regard to non-disclosure and IPR protection.