OpenMarket’s Information Security Philosophy is to ensure that the right data is used by a person in the right role and only in the right context, so that our customers can trust us to power their mobile business.
Information Governance, Risk and Compliance
| Information Security | The protection of the confidentiality, integrity and availability of information. |
| Information Privacy | Establishing rules which govern the collection and handling of personal information. |
| Information Compliance | Adherence to all applicable IT regulatory requirements, or implementation of compensating controls or documentation of exception requests. |
Q: How does your company/product/service approach issues relating to data protection and privacy?
A: We approach issues relating to data protection and privacy by categorizing all data based on its sensitivity (confidentiality), criticality (availability), identifiability (privacy) and compliance. That categorization is then used to determine the safeguards required.
Q: What standards are of concern to your effort? What type of control is evident to support general data protection and privacy of proprietary or personal data?
A: Our controls framework is primarily based upon NIST SP 800-53 Rev 1, with an appropriate amount of customization to address ISO 27001, Generally Accepted Privacy Principles (GAPP), and various international data protection laws.
Q: Describe your data retention policies and systems.
A: OpenMarket retains PII (Personally Identifiable Information) only for as long as necessary to fulfill the specified purpose(s).
Q: Describe the kinds of safeguards OpenMarket uses to protect personal or sensitive information.
A: OpenMarket implements appropriate information safeguards commensurate with the level of risk. Such safeguards include (but are not limited to):
| Access Control | Access to the organization’s non-public information is controlled in accordance with the authorized privileges of the user requesting access. |
| Awareness and Training | OpenMarket provides ongoing security and privacy awareness training to its employees. |
| Audit and Accountability | The information systems maintain a record of system activity by system or application processes and by user activity. |
| Configuration Management | Systems are built and maintained according to a baseline configuration standard which addresses security. |
| Data Governance | The right data is used by a person in the right role and only in the right context. |
| Identification and Authentication | The system verifies that people are who they claim to be. |
| Information Security Management System | OpenMarket establishes, implements, operates, monitors, reviews, maintains and improves information security. |
| Incident Response | OpenMarket has a defined, repeatable process for managing information security and privacy incidents. |
| Media Protection | OpenMarket protects media throughout its lifecycle. |
| Personnel Security | This family identifies the security controls needed to properly address how users, designers, implementors, and managers interact with computers and the access and authorities they need to do their jobs. |
| Physical and Environmental Protection | OpenMarket facilities are protected against physical and environmental threats. |
| Risk Management | OpenMarket continually analyzes, responds to, communicates, and manages specific risks to its systems. |
| System and Services Development and Acquisition | Information security and privacy are addressed throughout the development lifecycle. |
| System and Communications Protection | The technical implementation of the system provides a base level of confidence so that the system’s various security functional capabilities can be trusted. |
| System and Information Integrity | Systems and information are protected against unauthorized modification. |
| Compliance | OpenMarket adheres to applicable IT regulatory, legal, and contractual requirements. |