Security in IT Operations
Security requirements related to IT Operations are defined and integrated in processes and technologies to protect information at rest, in transit, and in use, and ensure secure configuration of endpoints, networks, and cloud environments.
Endpoints are centrally managed and secured through next-gen malware detection & response, software installation controls, configuration management, and monitoring solutions. Systems are hardened to reduce the attack surface.
Strong authentication mechanisms are enforced, including automatic session termination in case of inactivity.
Corporate networks are protected by strict security mechanisms (e.g., access control, segregation, secure protocols and connections, firewalls, IDS, IPS). Suspicious connections are filtered. Access to cloud-based environments and services must comply with the identity and access management security requirements, including MFA.
IT resources are regularly backed up to support the continuity of business operations and information security.
Systems are calibrated, maintained, and assessed regularly to ensure their availability, efficiency, and performance. Patch management processes are executed to remediate vulnerabilities.
Encryption controls using industry-accepted parameters are defined and implemented in accordance with the applicable legislation, taking into account the criticality of information and systems.
IT assets are managed and tracked throughout their lifecycle to ensure they remain up to date.