Laserfiche WebLink
Security and Hosting Overview <br />June 2015 <br />Europe and APAC <br />Merlin -IT Hungary Information Merlin Information Systems Philippines Inc. <br />Technology Services 6th Floor <br />Kft. Vagohid u. 2., 4034 ommerce and Industry Plaza Building, <br />Debrecen, Hungary McKinley Hill Cyberpark, <br />Taguig City, Philippines <br />The SAP Fieldglass Security team conducted an onsite security audit in 2014 at Merlin <br />Hungary. Contractually, Merlin must meet SAP Fieldglass' security requirements. The <br />following security controls are in place: <br />• Help desk agents are not able to cut/paste using their secured <br />workstation. <br />• External media including any USB drive is disabled. <br />• Printing is not supported. <br />• Help desk agents have been background checked by Merlin using SAP <br />Fieldglass' background check requirements (see section 1.4.7 Background <br />Checks). <br />1.6.7 Data Loss Prevention <br />Our DLP solution has been installed and configured for use on devices subject to exposure <br />to sensitive information. It has been implemented to guard data at its endpoints and to <br />ensure leakage of information classified as Confidential does not occur. Policies can be <br />pushed from the central management console or pulled from an individual endpoint <br />client. Client installs are configured to update (pull) policy changes every 90 minutes. <br />Our enterprise SIEM tool is configured to pull data in real time from the DLP database. <br />Dashboards are created to allow quick overviews of agent statuses/details, alert details, <br />and logging details. <br />The SIEM is configured to notify the Security Team in real time when an alert is detected. <br />The Analyst then logs into the SIEM and investigates the alert to determine whether it's <br />legitimate or a false positive. <br />1.6.8 Customer Termination <br />If a customer were to terminate their contract with SAP Fieldglass, the customers data <br />could be sliced out of the production database and delivered to the customer on a media <br />of their choice. The size of the data will determine what media is appropriate. <br />SAP Fieldglass P a g e 18 121 <br />