Security

Your data is secure and protected

BarnTools is committed to protecting the confidentiality, integrity, and availability of your data. We understand that the protection of your confidential data is a top priority in your decision to choose us as your digital transformation partner.

Our commitment to you…

  • Treat your data like it is our own.
  • Follow all required laws and regulations to protect your data and privacy by implementing security controls based on the National Institute of Standards and Technology (NIST) security framework standards.
  • Never share your confidential data with any external parties without your express permission.

Identify

Security Governance

  • An enterprise-wide Risk Management framework ensures the confidentiality, integrity and availability of data and resources are adequately protected.
  • Security strategies are consistent with regulations and compliance requirements to protect data and privacy.
  • Oversight ensures risks are adequately mitigated.

Risk Management

  • An Information Security Risk Management Program continually manages risk to/from internal and external threats. A risk assessment is performed by a third party annually to identify opportunities for improvement.
  • BarnTools maintains a robust set of security policies, standards, and procedures based on NIST Special Publication 800-53. They are reviewed and acknowledged by staff annually.
  • A third-party information security consulting firm serves as our virtual Chief Information Security Officer (vCISO), providing added expertise and experience.

Vendor Management

  • Vendor Management best practices are used to ensure that privacy and security are maintained by all vendors and partners.
  • Critical vendors are reviewed and assessed before engagement and annually thereafter to confirm proper controls exist.

Privacy & Compliance

  • The privacy policy is supported by the practices included in our Information Security and Risk Management policies and complies with today’s data privacy and regulatory compliance requirements.

Protect

Access Controls

  • Role-based access controls are utilized to restrict access to data on a need-to-know basis, and only by authorized personnel whose job responsibilities require it.
  • Strong passwords are required and enforced for all access to sensitive information (complexity, rotation, etc.).
  • A virtual private network (VPN) is required for all employees accessing production systems remotely.
  • Administrative controls are in place including user access reviews, segregation of duties, policies, procedures, and standards.
  • Account authorization and removal are performed through comprehensive checklists ensuring all physical, electronic, and third-party account access is terminated.

Security Training

  • All employees receive information security training upon hire and annually thereafter.
  • Ongoing awareness campaigns of current information security threats and trends are provided to keep information security top of mind.
  • Background checks are required for all employees prior to employment and the appropriate non-disclosure and confidentiality agreements are signed.
  • Developers are trained in security best practices.

Secure System Configuration & Maintenance

  • Baseline configurations are used to deploy new systems with appropriate application and security settings. A System Maintenance Standard is followed to identify and keep systems and devices patched and up to date.

Data Loss Prevention

  • Restricted access to external email and file storage services.
  • Network monitoring and alerts for data exfiltration.
  • Data destruction procedures for physical and logical devices to ensure proper disposal of information.

Physical Security

  • Physical security controls include video surveillance, electronically controlled doors (badge access), visitor sign-in and escort procedures, 24/7 manned security, and an alarm system.
  • Servers, applications, and infrastructure are maintained and hosted within Microsoft Azure. Microsoft adheres to comprehensive compliance offerings such as ISO/IEC 27001 and SOC 2 Type II.

Encryption

  • Sensitive data is protected with encryption during transmission over public networks.
  • The web application is protected via SSL providing data encryption and identity validation.

Network Security

  • A defense-in-depth strategy is utilized by employing boundary protection best practices, routers, architected security zones and continuous monitoring to detect and/or block malicious traffic.
  • System availability is achieved utilizing redundant technologies, regularly scheduled maintenance, and mature change control processes.
  • Network devices and applications are constantly monitored for performance and security and utilize redundant power, UPS, and backup generators.

Detect

Logging and Monitoring

  • We are currently implementing a Security Information & Event Management (SIEM) solution. The SIEM, managed by a third party, provides 24/7 continuous monitoring, data analysis, threat intelligence, and security incident reporting 365 days/year.

Vulnerability Scanning & Penetration Testing

  • Network and device vulnerability scanning is performed weekly.
  • Web application vulnerability and penetration testing is performed annually.

Anti-Malware & Threat Detection/Prevention

  • Anti-virus solutions are utilized to recognize and block malware and reduce phishing attacks.
  • Boundary protection devices prevent unauthorized traffic from accessing production systems and information, helping to identify and mitigate active threats.

Respond

Business Continuity (BC) & Disaster Recovery (DR)

  • In the unfortunate case a disaster occurs, BarnTools is ready to respond by implementing a thorough BC/DR plan to overcome the challenge and guide the recovery process.

Incident Response & Management

  • A documented Incident Response Plan is tested on at least an annual basis to ensure the organization is ready when an incident occurs.

Recover

Data Backup

  • Backup solutions ensure data is available and consistent with company Business Continuity (BC) and Disaster Recovery (DR) requirements.
  • BC and DR plans are tested on an annual basis through table-top scenarios and/or technical DR exercises to demonstrate functionality and compliance.

Data Retention

  • The Data Retention & Destruction Standard provides oversight for the secure removal of data from the environment and complies with state and federal retention laws.

Improvements and Retrospective

  • Recovery plans incorporate lessons learned.
  • Recovery strategies are updated.

Communications

  • Recovery activities are communicated to internal and appropriate external stakeholders.

© 2020 BarnTools. All Rights Reserved.