Risk & Compliance
We understand the absolute need for risk mitigation and regulatory compliance. The costs of security and data non-compliance are incredibly high. A report from Corporate Compliance Insights suggests non-compliance costs are almost three times as high as compliance costs. We strive to go beyond the minimum standards and achieve excellent risk mitigation and regulatory conformity.
Is your business spending too much money on compliance efforts? Could your business be losing money due to the loss of efficiency that comes from a non-compliant system?
Oman Data Park is fully compliant with industry standards. We have already achieved the necessary data security certifications and compliance your company needs. Our risk reduction strategies can be applied to your company in partnership with us. This will ensure your business meets all the necessary regulatory targets and is prepared for any foreseeable problem in the future.
While security threats and vulnerabilities continually evolve, one thing remains constant: the need to implement processes and technology to ensure the highest levels of security. Oman Data Park’s (ODP) Risk & Compliance Department is responsible for setting objectives for Information Security Management to guarantee the security of our clients.
We designed these policies to protect your business. These directives are not simply words and rules. They are established, reliable processes for shielding businesses from harm due to data loss, theft, or attack.
Our Security organization is comprised of 6 Policies:
1. SECURITY POLICY: Your business wants to succeed right now. Slow networks, obsolete software, and poor performance are obstacles you have faced before. Oman Data Park has 24/7 access to the best high-speed networks and servers in the region.
2. ASSET MANAGEMENT POLICY: With the Asset Management Policy in place, ODP focuses on achieving and maintaining appropriate protection of ODP’s critical infrastructure required for its service delivery.
3. HUMAN RESOURCES SECURITY POLICY: In order to ensure the systems housed within the data center are kept secure, this Policy establishes controls, regulations, & authorizations that apply to all ODP employees, contractors and third-party users. Each party has specific responsibilities and roles. These are enforced via a signed Non-Disclosure agreement.
4. PHYSICAL & ENVIRONMENTAL SECURITY POLICY: Procedures are installed to prevent unauthorized physical access, impairment, and interference with the organization’s premises and information. The Access Control Framework ensures authorized access to the appropriate systems and resources with defined security perimeters. This protects areas that contain confidential or sensitive information and systems. In addition, we have implemented procedures & follow best practices to protect against environmental threats and utility company failures.
5. INFORMATION SECURITY INCIDENT MANAGEMENT POLICY: The purpose of this policy is to ensure a consistent and effective approach to the management of Information Security Incidents. This ensures communication on security events and weaknesses. Corrective action is managed in a timely fashion by defining and establishing a structure for the reporting and management of such incidents by our staff.
6. SECURITY VULNERABILITY REPORTING POLICY: We carry out continuous vulnerability scans across our infrastructure and certify that the required corrective action has been taken to remedy the vulnerability detected. The policy ensures the prioritization and mitigation of any reported security observations/vulnerabilities.
Oman Data Park (ODP) undergoes rigorous auditing and reviews because we want to assure you that our implemented controls and policies are working. These policies meet international standards and are being effectively implemented. The result for your business is increased reliability in our partnership. Our commitment to operational excellence means we will always be there to serve your business.
We are compliant with the following standards:
1. ISO 27001 Information Security Management System:
An internationally recognized best practice framework that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). An ISMS is a systematic approach to managing sensitive company information including people, processes, and IT systems.
2. ISO 20000 IT Service Management System:
ISO/IEC 20000, often referred to simply as ISO 20000, is the international IT service management (ITSM) standard that enables IT organizations to ensure that their ITSM processes are aligned both with the needs of the business and with international best practice. ISO 20000 identifies the benchmark on how we deliver managed services, measure service levels and assess our performance.
3. PCI-DSS (Payment Card Industry Data Security Standard):
The PCI Security Standards Council offers comprehensive standards and supporting materials to enhance data security for payment cards. They include a framework of specifications, tools, measurements, and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process, including prevention, detection, and appropriate reaction to security incidents.
4. OHSAS 18001 Occupational Health & Safety Management System:
OHSAS 18001, also referred to as ISO 18001, is the internationally accepted and recognized management standard for occupational health and safety. The standard is used as a method of assessing and auditing occupational health and safety management systems.
5. ISO 9001 Quality Management System:
ISO 9001 is a certified quality management system (QMS) to demonstrate our ability to consistently provide products and services that meet the needs of our clients and other relevant stakeholders.
6. ODP also holds ISO 20000:2011 for IT Service Management, which governs our Service Delivery operations.
The following certifications have been awarded to ODP:
- 2013 for Information Security Management System.
- 2011 for IT Service Management which governs its Service Delivery operations.
- Tier 3 Data Centre Design Certification.
- Data Centre Site Certification.
Security Reports & Requests
Oman Data Park (ODP) takes security very seriously and investigates all reported vulnerabilities. The following describes our practice for addressing potential vulnerabilities in any aspect of our services.
Report to Representative:
- A security incident is a suspected, attempted, successful, or imminent threat of unauthorized access, usage, release, modification, breach, or destruction of information; interference with information technology operations; or significant violation of responsible use policy.
- If you have become aware of something that you think could be a potential risk to security regarding ODP Services, then immediately report suspected security incidents to our security representative on the following email with as much information as possible. You should include specific details that indicate the security concern inquiry.
- If you suspect that ODP Payments has been compromised or that there has been unauthorized access, or other related issues such as invalid orders, invalid credit card charges, suspicious emails, or vulnerability reporting, then you should contact our representative immediately to initiate the appropriate response.
The information you share with Oman Data Park as part of this process is kept confidential within Oman Data Park.
Penetration Testing Requests: ODP provides a robust and trustworthy platform for our customers and we continually monitor our services for suspected attacks. We also understand that security is a partnership between us and our customers; and because penetration tests and other simulated events can be indistinguishable from abusive behavior, it is best to request a penetration test from ODP before you test your resources. You can request authorization for penetration testing by contacting our representative. A critical phase of any secure application deployment involves testing applications for potential vulnerabilities. Our Acceptable Use Policy describes permitted and prohibited behavior on ODP infrastructure and includes descriptions of prohibited security violations and network abuse.
ODP Response Time: Once you submit your concern or test request, you will receive a non-automated response to your initial contact report within 48 hours indicating that your reported vulnerability has been received. We will update you on our progress or allow you to begin your penetration test. You will receive
Security Operations Center (SOC)
Oman Data Park runs a 24x7x365 Security Operations Center (SOC).
The extensive services offered include specific policies you can adapt instead of creating your own policies at the cost of time and money. The physical security infrastructure we invested in can replace your business investment in costly checkpoints.
We are compliant, so you can be compliant, too.