The document outlines security components for incorporating security in IT solutions for corporate registers. It discusses physical security of servers through access control, monitoring, and redundancies. It also covers server and system software security through patching, logging, encryption, and backups. Application level security is addressed through role-based access controls, audit trails of all changes made, and electronic submission validation.
2. SECURITY COMPONENTS
- Physical Security
- Server and System Software Security
- Database Security and Audit Trail
- Authentication to the Application
- Application Level Security
- Online Applications Security
3. PHYSICAL SECURITY OF IT
- Environmental design
  - Air Conditioning, Dual UPS and Standby Generators
- Electronic and procedural access control
  - Biometric Access control for controlling user access points
  - Datacenter access limited to IT administrators
- Intrusion detection and Video monitoring
  - Security alarms and CCTV for incident notification and verification
4. SECURITY COMPONENTS
- High Available Cluster System for Database and Application Server: protection against a single server failure
- Disaster Recovery System: protection against disaster at Main site
- Firewall and Intrusion Prevention System
- Antivirus/Antispyware server
- Data Protection System: automated backup of servers and databases
5. SERVERS AND OS SECURITY
- Up to date with latest Security patches and fixes
- Logging of access to all server services
- Use of encryption for network communication
- Maintain a proper system backup policy
6. USER AND PASSWORD MANAGEMENT
- Restriction of User ID to an agreed number of alphanumeric characters (include special characters in Password: @, #)
- Maintain password complexity
- No shared ID issued to multiple users
- Disabling of inactive accounts after an agreed time period
- Locking of users after a given number of successive failed login attempts
7. USER AND PASSWORD MANAGEMENT (cont.)
- The initial password allocated to a user will be one-time
- Users are forced to change their password on first log in
- Users are forced to change their password after an agreed time period from the last password change date
- User sessions will time out after an agreed period of inactivity
8. APPLICATION - LEVEL
- A user's access to the system depends on their access rights:
  - Filing officer accessing filing system
  - Cashier accessing cash collection system
  - Companies officer accessing Companies Administration Module
  - Management of ROC accessing all systems
- Access rights to record application
- Access rights to approve application
- Access rights to insert, update and delete
9. APPLICATION – AUDIT TRAIL
- Any record created in the database will have the user stored in the database and the date it has been created.
- The user who has last updated the record will be stored in the database.
- Any table in the database can be audited and any updates made can be logged.
- Tracking of Status on Application (Recorded, In Progress, Rejected or Approved).
- Tracking of Status of Companies (Incorporated, Amalgamate, Dissolve, Wind-Up)
10. ELECTRONIC SUBMISSIONS
- Information is recorded in a temporary database in the DMZ server.
- ROC Staff validate the data before sending it to the live database.
- Each company will have a password to access their account. They can use it to submit their applications online.