We are compliant, so you are!
We ensure that controls are in place to manage the risk of interruptions that may impact the service level commitments of our clients. We protect your business, so that you can focus on the details that benefit your business. The equipment, information and uptime reliability are all critical to achieving your mission.
Oman Data Park runs a 24x7x365 Security Operations Center (SOC) based in Oman that provides extensive services. our commitment to your data security and compliance is infinite.
While security threats and vulnerabilities continually evolve, one thing remains constant the need to implement processes and technology to ensure the highest levels of security by continuously improving through security organization. Oman Data Park’s (ODP) Risk & Compliance Department is responsible for setting objectives for Information Security Management to guarantee our commitment to our clients.
Our Security organization is comprised of 6 Policies:
1- Security Policy: ODP is committed to preserving the confidentiality & integrity of all information it holds and processes. With the Security Policy in place, ODP establishes direction and support for the security of your information, we also set a risk management framework that is in accordance with business requirements as well as those required legally and regulatory.
2- Asset Management Policy: With the Asset Management Policy in place, ODP focuses on achieving and maintaining appropriate protection of ODP’s critical infrastructure required for its service delivery.
3- Human Resources Security Policy: In order to ensure the systems housed within the data centre are kept secure, this Policy establishes controls, regulations, & authorization that apply to all ODP employees, contractors and third party users. So that each party understands their responsibilities, and are suitable for their designated roles and is enforced via a signed Non-Disclosure agreement.
4- Physical & Environmental Security Policy: Procedures are installed in order to prevent unauthorized physical access, impairment, and interference to the organization's premises and information. Access Control Framework ensures authorized accesses to the appropriate systems and resources with defined security perimeters; that protect areas that contain confidential or sensitive information &/or information systems. In addition, we have implemented procedures & follow best practices to protect against environmental threats and hazards as well as power failures and other disruptions caused by failures in supporting utilities.
5- Information Security Incident Management Policy: The purpose of this policy is to ensure a consistent and effective approach to the management of Information Security Incidents, including communication on security events and weaknesses; as well as the timely handling of timely corrective action by defining and establishing a structure for the reporting and management of such incidents by our staff.
6- Security Vulnerability Reporting Policy: We carry out continuous vulnerability scans across our infrastructure and certify that the required corrective action has been taken in order to remedy the vulnerability detected. The policy ensures the prioritization and mitigation of any reported security observations/vulnerabilities.
Oman Data Park (ODP) undergoes rigorous auditing & reviews in order to assure you that our implemented controls & policies, set by our security organization, meet internationally set standards and are effectively being implemented.
We are compliant for the following standards:
• ISO 27001 Information Security Management System: An internationally recognized best practice framework that specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). ISMS is a systematic approach to managing sensitive company information including people, processes and IT systems.
• ISO 20000 IT Service Management System: ISO/IEC 20000, often referred to simply as ISO 20000, is the international IT service management (ITSM) standard that enables IT organisations to ensure that their ITSM processes are aligned both with the needs of the business and with international best practice. ISO 20000 identifies the benchmark on how we deliver managed services, measure service levels and assess our performance.
• PCI-DSS (Payment Card Industry Data Security Standard): The PCI Security Standards Council offers comprehensive standards and supporting materials to enhance data security for payment cards. They include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents.
• OHSAS 18001 Occupational Health & Safety Management System: OHSAS 18001, also referred to as ISO 18001, is the internationally accepted and recognized management standard for occupational health and safety. The standard is used as a method of assessing and auditing occupational health and safety management systems.
• ISO 9001 Quality Management System: ISO 9001 is a certified quality management system (QMS) to demonstrate our ability to consistently provide products and services that meet the needs of our clients and other relevant stakeholders.
ODP also holds ISO 20000:2011 for IT Service Management which governs our Service Delivery operations.
The below are a list of certifications awarded/held to/by ODP:
• ISO 20000:2011 for IT Service Management which governs its Service Delivery operations. View Certificate
• ISO27001:2013 for Information Security Management System. View Certificate
• Tier 3 Data Centre Design Certification. View Certificate
• Data Centre Site Certification. View Certificate
Oman Data Park (ODP) takes security very seriously and investigates all reported vulnerabilities. Below describes our practice for addressing potential vulnerabilities in any aspect of our services.
Report to Representative: A security incident is a suspected, attempted, successful, or imminent threat of unauthorized access, usage, release, modification, breach, or destruction of information; interference with information technology operations; or significant violation of responsible use policy.
• If you have become aware of something that you think could be a potential risk to security regarding ODP Services immediately report suspected security incidents to our security representative on the following email with as much information as possible. You should include specific details that indicate the security concern inquiry.
• If you suspect that ODP Payments has been compromised or there has been an unauthorized access, or other related issues such as invalid orders, invalid credit card charges, suspicious emails, or vulnerability reporting, then you should contact our representative immediately to initiate the appropriate response.
The information you share with Oman Data Park as part of this process is kept confidential within Oman Data Park.
Penetration Testing Request: ODP provides a robust and trustworthy platform for our customers and we continually monitor our services for suspected attacks. We also understand that security is a partnership between us and our customers; and because penetration tests and other simulated events can be indistinguishable from abusive behaviour, it is best to request a penetration test beforehand from ODP before you test your resources. You can request authorization for penetration testing by contacting our representative. As a critical phase of any secure application deployment involves testing applications for potential vulnerabilities.
Our Acceptable Use Policy describes permitted and prohibited behaviour on ODP infrastructure and includes descriptions of prohibited security violations and network abuse.
ODP Response Time: Once you submit your concern or test request, you will receive a non-automated response to your initial contact report within 48 hours indicating that your reported vulnerability has been well received; and we have initiated our investigation or you can begin your penetration test. You will receive progress updates from us at least every 7 working days until the issue has been successfully resolved or you have completed your penetration testing.