Security

Your data is secure and protected

BarnTools is committed to protecting the confidentiality, integrity, and availability of your data. We understand that the protection of your confidential data is a top priority in your decision to choose us as your digital transformation partner.

Our commitment to you…

  • Treat your data like it is our own.
  • Follow all required laws and regulations to protect your data and privacy by implementing security controls based on the National Institute of Standards and Technology (NIST) security framework standards.
  • Never share your confidential data with any external parties without your express permission.

Identify

Security Governance

  • An enterprise-wide Risk Management framework ensures the confidentiality, integrity, and availability of data and resources are adequately protected.
  • Security strategies are consistent with regulations and compliance requirements to protect data and privacy.
  • Oversight ensures risks are adequately mitigated.

Risk Management

  • An Information Security Risk Management Program continually manages risk to/from internal and external threats. A risk assessment is performed by a third party annually to identify opportunities for improvement.
  • BarnTools maintains a robust set of security policies, standards, and procedures based on NIST Special Publication 800-53. They are reviewed and acknowledged by staff annually.
  • A third-party information security consulting firm serves as BarnTools' virtual Chief Information Security Officer (vCISO), providing added expertise and experience.

Vendor Management

  • Vendor Management best practices are used to ensure that privacy and security are maintained by all vendors and partners.
  • Critical vendors are reviewed and assessed before engagement and annually thereafter to confirm proper controls exist.

Privacy & Compliance

  • The privacy policy is supported by the practices included in our Information Security and Risk Management policies and complies with today’s data privacy and regulatory compliance requirements.

Protect

Access Controls

  • Role-based access controls are utilized to restrict access to data on a need-to-know basis, and only by authorized personnel whose job responsibilities require it.
  • Strong passwords are required and enforced for all access to sensitive information (complexity, rotation, etc.)
  • A virtual private network (VPN) is required for all employees accessing production systems remotely.
  • Administrative controls are in place including user access reviews, segregation of duties, policies, procedures, and standards.
  • Account authorization and removal is performed through comprehensive checklists ensuring all physical, electronic, and third-party account access is terminated.

Security Training

  • All employees receive information security training upon hire and annually thereafter.
  • Ongoing awareness campaigns of current information security threats and trends are provided to keep information security top of mind.
  • Background checks are required for all employees prior to employment and the appropriate non-disclosure and confidentiality agreements are signed.
  • Developers are trained in security best practices.

Secure System Configuration & Maintenance

  • Baseline configurations are used to deploy new systems with appropriate application and security settings. A System Maintenance Standard is followed to identify and keep systems and devices patched and up to date.

Data Loss Prevention

  • Restricted access to external email and file storage services.
  • Network monitoring and alerts for data exfiltration.
  • Data destruction procedures for physical and logical devices to ensure proper disposal of information.

Physical Security

  • Physical security controls include video surveillance, electronically controlled doors (badge access), visitor sign-in and escort procedures, 24/7 manned security, and an alarm system.
  • Servers, applications, and infrastructure are maintained and hosted within Microsoft Azure. Microsoft adheres to comprehensive compliance offerings such as ISO/IEC 27001 and SOC 2 Type II.

Encryption

  • Sensitive data is protected with encryption during transmission over public networks.
  • The Web Application is protected via SSL providing data encryption and identity validation.

Network Security

  • A defense-in-depth strategy is utilized by employing boundary protection best practices, routers, architected security zones, and continuous monitoring to detect and/or block malicious traffic.
  • System availability is achieved utilizing redundant technologies, regularly scheduled maintenance, and mature change control processes.
  • Network devices and applications are constantly monitored for performance and security and utilize redundant power, UPS, and backup generators.

Detect

Logging and Monitoring

  • Currently implementing a Security Information & Event Management (SIEM) solution. The SIEM, managed by a third-party, provides 24/7 continuous monitoring, data analysis, threat intelligence, and security incident reporting 365 days/year.

Vulnerability Scanning & Penetration Testing

  • Network and device vulnerability scanning is performed weekly.
  • Web application vulnerability and penetration testing is performed annually.

Anti-Malware & Threat Detection/Prevention

  • Anti-virus solutions are utilized to recognize and block malware and reduce phishing attacks.
  • Boundary protection devices prevent unauthorized traffic from accessing production systems and information, helping to identify and mitigate active threats.

Respond

Business Continuity (BC) & Disaster Recovery (DR)

  • In the unfortunate case a disaster occurs, BarnTools is ready to respond by implementing a thorough BC/DR plan to overcome the challenge and guide the recovery process.

Incident Response & Management

  • A documented Incident Response Plan is tested on at least an annual basis to ensure the organization is ready when an incident occurs.

Recover

Data Backup

  • Backup solutions ensure data is available and consistent with company Business Continuity (BC) and Disaster Recovery (DR) requirements.
  • BC and DR plans are tested on an annual basis through table-top scenarios and/or technical DR exercises to demonstrate functionality and compliance.

Data Retention

  • The Data Retention & Destruction Standard provides oversight for the secure removal of data from the environment and complies with state and federal retention laws.

Improvements and Retrospective

  • Recovery plans incorporate lessons learned.
  • Recovery strategies are updated.

Communications

  • Recovery activities are communicated to internal and appropriate external stakeholders.

Let's talk

Are you ready to explore how Barn360 can add value to your operation?

Jen Sibbitt-Gordon is your go-to person to get the discussion started. She understands pork production and has experience helping producers get more value out of their data. Email or give Jen a call to help set up the next steps with our team of production and digital transformation experts.

© 2020 BarnTools. All Rights Reserved.