Security White Paper
Our Understanding of Security
Trojan IT strives to provide its clients the highest level of security and protection where critical systems and sensitive information are concerned. Trojan IT has in place various layers of security policies, protocols, and controls to make certain that sensitive and protected information is secure always. These policies, protocols and controls are components of Trojan IT’s Information Security Management System (ISMS) that govern our helpdesk and support activities.
Trojan IT provides our clients with the assurance that we are continually improving security and enforcing best practise. This is best demonstrated by our Cyber Essentials certification and our commitment to adopt ISO27000 standards.
Employee Security Measures
Trojan IT makes every effort to ensure the suitability of our new employees. This involves a thorough interview process with reference checks. All employees are required to sign an employment contract which includes a Security and Confidentiality (Non-Disclosure Agreement) clause.
Trojan IT will ensure that only such of its employees who may be required by it to assist it in meeting its obligations under the Agreement shall have access to the personal data. Trojan IT will ensure that all such employees have undergone training regarding their data protection obligations, their duty of confidentiality and in the care and handling of personal data.
Roles and Responsibilities
All Trojan IT employees have a job description in which their role and responsibilities are clearly defined. SOPs are in place to define how each employee must perform their day-to-day work. These procedures are reviewed and updated on a regular basis to take advantage of improvements to our systems and maximize both security and efficiency. This practice restricts exposure to sensitive information and provide guidelines internally to employees encountering sensitive information.
Information Security Training Program
Security awareness is a top priority with regards to Trojan IT employees. Trojan IT actively encourages training to keep employee’s skills relevant and up to date especially where security is concerned.
Company Security Measures
Server and Database access
For information security, we have applied industry-leading practices and processes. Only a select few individuals have administrative access to our servers and databases. All other access is at the application level.
Secure Remote Connection Feature
Trojan IT’s primary application for remote access is secured using RSA public/private key exchange and AES (256 bit) session encryption. This technology is used in a comparable form for https/SSL and is considered completely safe by today's standards. As the private key never leaves the client computer, this procedure ensures that interconnected computers - including the applications routing servers - cannot decipher the data stream.
For redundancy we also have access to a secondary remote application which uses a proprietary remote desktop protocol that is transmitted via Secure Socket Layer (SSL), this creates a SSL certificate for each remote desktop and is used to cryptographically secure communications between the remote desktop and the accessing computer.
All Trojan IT systems are updated regularly with Microsoft Patches, third party software and definitions for Antivirus and Anti-Malware Solutions. Our agents ensure that antivirus software is properly installed and verified and that the latest antivirus definition files have been updated and applied.
Where it is necessary for our Software Department to download customer data to resolve issues, clients can be assured that the device is secure and encrypted and that the encryption is verifiable.
Where Trojan IT performs backups for our clients, the application we use has robust security management features which includes the facility to encrypt and send backups to the applications backup server. It supports the industry standard Blowfish and Triple DES encryption algorithms to secure your business data. These secure encryption techniques have never been broken before. In addition, the applications client and server installations communicate using a TCP/IP based secure connection which reduces the risk of your valuable data being stolen.
Product Security Measures
Trojan IT have invested in a market leading call management system designed specifically for the IT industry. This call management system allows us to prioritise and manage work (tickets) ensuring that Service Level Agreements (SLAs) are met and escalation procedures are implemented if the need arises.
Password Management Policy
A standard password policy is applied to and enforced for all Trojan IT users, to include, but not limited to Active Directory domains, hosted applications, internal and customer facing portals. Users are required to have a minimum password length which includes complexity.
Trojan IT constantly reviews applications and procedures to ensure our systems are secure and that best practises are enforced. In the event further detail is required Trojan IT will on request make more technical information available.
Trojan IT, Elphin St, Boyle, Co. Roscommon, F52 HY38 Ireland