GDPR and Data Protection Measures

Information Security & Technical and Organizational Measures

• Security Organization – Cobalt Parsons Human Capital has implemented a series of information technology security and data protection policies and programs, managed and enforced by Cobalt Parsons Human Capital’s Information Security team and the Privacy team. Cobalt Parsons Human Capital manages security programs in accordance with its Information Technology Security Policies and Procedures. Cobalt Parsons Human Capital’s executive management and security teams regularly review policies and procedures and conduct assessments of its security and privacy programs. Continuous improvement of our security posture has enabled us to address data protection challenges on a global and diverse industry basis.

• Data Center, Network & Systems Protection – Cobalt Parsons Human Capital systems reside in Tier III or greater SSAE 16 certified hosting facilities with security measures, protections and controls that are commensurate with their rating designation. Cobalt Parsons Human Capital’s environment is protected by perimeter firewalls and technology including network intrusion prevention/detection systems and anti-virus software with proactive threat protection.

• Network Vulnerability Scanning – Cobalt Parsons Human Capital regularly performs vulnerability scans of our entire infrastructure including internal and external facing servers. Vulnerabilities are tracked and managed according to our vulnerability management policy, which requires remediation according to a schedule based on severity of the vulnerability. This effort is supported by an active patch management program.

• Email, Remote Access, Application Security Scanning – Cobalt Parsons Human Capital protects its email and web traffic with security scanning. A 256-bit encrypted link is deployed for its virtual private network (VPN) remote access solution. Applications are developed with the latest secure coding techniques to protect against malicious exploits such as SQL injection and cross-site scripting. Vulnerability, penetration and security scanning are regularly performed by an outside service as a proactive measure.

• Security Monitoring & Incident Response Plan – Cobalt Parsons Human Capital’s infrastructure is also monitored by its Security Incident Event Monitoring solution, which correlates logs from perimeter devices (firewalls, intrusion prevention/detection systems, routers and other equipment) as well as security devices and software (antivirus, domain controllers, MFA servers and others). These monitoring solutions alert us automatically when unexpected activity occurs.

• Access Control – Cobalt Parsons Human Capital has an access control policy that includes least-privilege and role-based access restrictions applied to all resources and information, with unique IDs for each individual and strong passwords with complexity, length and aging requirements. We use Transport Layer Security (TLS) for web session security. A bonded carrier service transports backups, archives, and other media to offsite storage locations. Remote access and access to server management functions require administrative privileges and multi-factor authentication. Critical servers also have special single-use password enablement.

• User Training, IT Security Policy, Code of Business Conduct and Physical Record Policy – Cobalt Parsons Human Capital employees participate in regular compliance training. All Cobalt Parsons Human Capital employees are required to agree to the Cobalt Parsons Human Capital Code of Business Conduct and Ethics, Agreement to Protect Confidential Information, and IT Security Policy as a condition of employment and as appropriate thereafter. Cobalt Parsons Human Capital’s current practice requires new employees to pass a background check at the time of hire, as permitted by applicable law and in accordance with Cobalt Parsons Human Capital’s policies and local practices. This background check may include a check of criminal history, employment history, sanctions check and education verification. Cobalt Parsons Human Capital has established a clean desk policy, locked files, and other physical access controls, including electronic fob and access cards.

• Encryption in Transit – Cobalt Parsons Human Capital encrypts email data in transit using the TLS 1.2 protocol when communicating with a server that accepts encrypted connections. Enhanced encryption techniques have been deployed to easily encrypt assessments and email files. Data and information protection is further enforced by our Data Loss Prevention solution. Clients can also use Cobalt Parsons Human Capital’s Secure File Transfer System (SFTS). The SFTS is accessed only by authorized personnel via a secure link with encryption in transit and at rest.

• Encryption for Internal Cobalt Parsons Human Capital Networks – Network systems make use of encryption, session controls, routing tables and access control lists (ACLs) to ensure that communications follow approved paths with appropriate protections enabled.

• Encryption at Rest – Where supported by the Cobalt Parsons Human Capital services, data received by Cobalt Parsons Human Capital via email, SFTS or through the client’s use of the contracted services is encrypted at rest on Cobalt Parsons Human Capital servers and backup media.

• Change Management – Cobalt Parsons Human Capital follows an Information Technology Infrastructure Library (ITIL) based framework and a well-defined change management process on all production systems and applications. Significant and major changes are reviewed and controlled by the associated management.

• Application Release Management – Cobalt Parsons Human Capital uses non-production systems for the development, testing and staging of Cobalt Parsons Human Capital developed applications. Only after an application release has been tested is it migrated to the production system, pursuant to our change management process. Production data is stored only in production systems or systems with production-level controls.

GDPR Roles and Employees

Cobalt Parsons Human Capital appointed a Privacy team to develop and implement a roadmap for complying with the GDPR and other data privacy laws. This team is responsible for promoting awareness of privacy across the organization, assessing our GDPR readiness, identifying and addressing any gap areas, and implementing the new policies, procedures and measures discussed here.

Although privacy and confidentiality are embedded in our global standards, methodologies, training and practice, we understand that the requirements of the GDPR are complex. We recognize that employee awareness and understanding are vital to continued compliance. We are continually updating and monitoring our privacy training programs to ensure we are educating our employees on how to handle personal data under the GDPR and other privacy laws.

If you have any questions about Cobalt Parsons Human Capital’s privacy program, please contact us at
