Asite - Delivering Data Logistics

Protecting your data

We are committed to ensuring that your privacy is protected and that our applications offer the highest level of security. This section describes how we do that.

 Our privacy policy outlines how we manage the personal information collected about our registered users and visitors to the site. Our security statement outlines how we maintain the highest levels of security for users of our technology.

If you have any comments or questions, please contact us via e-mail at info@asite.com.


Privacy Policy

Definitions
'Visitors' are those who use our public website. 'Users' are those with access to the password protected elements of our website.

Information Gathered
The following categories of Personal Data may be collected and stored in relation to each Visitor or User:

1. Information that is available to Asite and other Users

  • Contact details - name, address, e-mail address, phone and fax details, etc.
  • Employing organisation
  • Mailing, shipping and delivery addresses
  • Supervisors and workflow processes

2. Information that is available to Asite

  • An audit trail of pages viewed and documents opened within Asite
  • Contact details of Visitors through Enquiry / Order Forms and records of relevant communications
  • Username and password
  • Details of transactions made using Asite applications
  • Records of training that Users have attended

Use of Information
All information is collected strictly for:

  • The efficient provision of services by Asite
  • Communication with, and between, Users concerning Asite and Asite's services
  • The provision or offer of related, value added or personalised services to Visitors
  • The compilation and exploitation of aggregated (non-personally identifiable) statistical information

For example, names and contact details are collected and stored by Asite to allow us to respond to and follow up with Users in relation to queries about Asite or the use of asite.com. Data pertaining to transactions through asite.com is collected and stored. Data relating to website usage patterns is collected for the purposes of improving the service offered.

Personal Data will not be disclosed to third parties, whether for marketing purposes or otherwise, without giving Visitors or Users the opportunity to object to such disclosure, except where the data is supplied to agents or sub-contractors of Asite acting under their authority.

During certain uses of the site, you may be linked to a site or product catalogue provided by a third party. If you submit information to Asite to access or purchase any third party's product or services which are linked to via the asite.com site, we may need to share information, identified in this document, with those parties. This is so that they may process your request deliver the relevant functionality, and or in the case of placing an order, supply the product or services that you ordered.

Cookies
Cookies allow registered users to be authenticated and gain access to the privileged area of the site. Cookies are small text files sent to and stored on Visitors' or Users' computers. Cookies do not damage computers or files. These allow you to access all of Asite’s functionality using one password.

Your Consent
By submitting your information you are consenting to our use of it for the uses specified above.

Correcting / Changing Information
As Asite expands its related products and services, we may need to update our privacy policy without prior notice.

Please refer to this page on a regular basis for updates. Please notify us via info@asite.com if you wish to be removed as a User of asite.com or if you wish to modify your information. While we will assist you in protecting your personal information, it is your responsibility to protect your password.

Back to Top


SECURITY STATEMENT

Asite has architected the Asite Platform to maximize protection against all forms of unauthorised activities that could lead to:

  • Exposure of confidential information to unauthorised parties
  • Damage, alteration or removal of data
  • Data theft
  • Denial of service
  • Unauthorised access to services, resources or data

Site and System Security
Secure Network

  • The Asite Platform services are protected by hardware firewalls to restrict access and minimise opportunities for attack
  • A fully redundant switching fabric, combined with failover network devices ensures no single point of failure
  • Transaction-based document exchange applications (FTP, JMS, HTTP/S) are explicitly enabled for point-to-point connectivity only.
  • VPN access for off-site operations involves two-stage protection, including RADIUS authentication.
  • A state-of-the-art redundant network with multiple tier-1 bandwidth providers for internet connectivity with BGP (Border Gate Protocol) offers a 99.975% network uptime SLA, 24 x 7 monitoring and reporting and a minimum 60% bandwidth headroom at all times.

Secure Application and Data Servers

  • Asite Platform applications utilise a number of technologies including hardened HTTP servers, proxy services and application servers.
  • HTTP server access is filtered by a policy-based security service that prevents unauthorised access to protected URLs and rejects malformed URLs to eliminate exploits.
  • Anti-Virus software is active on all servers and automatically updated with the latest virus definitions and programme enhancements.
  • Anonymous connection is limited to public web pages only.
  • All application services offer HTTPS access with 128-bit encryption.
  • Asite Platform data servers are separated from application servers by additional firewalls.
  • Application services use dedicated authentication with minimal authorisation.

Physical Security

  • The Asite Platform production systems are housed in a highly secure co-location data centre. Our co-location partner provides physical access and environmental security and reliable power and data connections.
  • Physical access is limited to authorised personnel. Prior notice is required for all visitors and will only be accepted from specific Asite staff. A CCTV system covers all entrances/exits and main areas, with 24-hour video recording, a full perimeter alarm, PAC security card access system, visual verification of all persons entering the data floor and cabinets in locked caged area.
  • Temperature and humidity is managed by redundant air conditioning systems to guarantee stable temperature and humidity @ N+1
  • Very early smoke detection apparatus (VESDA) installed, together with a FM200 fire suppression system
  • All servers have dual power from separate circuits
  • Diverse power supplies with diesel generator backup, in a redundant configuration provide conditioned power via a redundant parallel.

Data Storage and Backup

  • All volatile data is protected by daily archive to tape.
  • Tapes are removed to off-site storage vaults on a daily basis

Application Monitoring

  • A standard 3rd party monitoring application verifies the health of all systems in the Asite Platform.
  • Custom monitor sequences verify application behaviour and will automatically generate a pager alert should external service availability be compromised.
  • Custom application monitors validate the correct processing of transactions through the document exchange system.

Service Continuity

  • Asite Platform applications use both hardware and software content switching to ensure, insofar as possible, continuity of service in the event of an application server failure. A data server failure will lead to service outage to minimise the scope of any potential data corruption.
  • Asite plans for service continuity in the event of a disaster involving the Asite Platform aim for service recovery at an alternative site within 48 hours. Asite are planning to invest in additional capabilities during 2004 to reduce this to well below 24 hours.

Access
System Administrator Access

  • Direct access to operational systems is limited to key personnel in the Systems Operations team.
  • The custom VPN client required to access the systems from an off-site location is only available to key operations staff.
  • Site-to-site VPN from Asite offices is also restricted to key personnel.

Portal Administrator Access

  • Portal administrators register and manage Asite Platform Trading Partners and their access to services via an application managed user interface. Access to Portal Administration is limited to Systems Operations and Customer Support staff.

Trading Partner Administrator Access

  • Trading Partner (TP) Administrators manage their own user communities and the allocation of services within their community.
  • Only services authorised by Portal Administration can be allocated to users.
  • TP administration is offered as a managed service by Asite Customer Services.
  • A TP administrator can deactivate a user or reset their password at any time.

Application Administrator Access

  • The Asite Platform includes a wide range of applications that have differing administrative requirements. Whether this is performed by the client, or on their behalf by Asite, an administrator only has scope to manage resources owned by his organisation. All Asite applications have sophisticated role-based user privilege management that enable administrators to provide appropriate capabilities to individuals or groups of users.
  • Changes to a user’s privileges have immediate effect.

User Access

  • After successful authentication, a user is presented with a dynamic list of services which they have been authorised to use.
  • Repeated unsuccessful authentication will automatically deactivate the user.

Back to Top

 
Visit our Library

Read about Asite's products and services as well as our case studies. Make use of our software downloads and 'Quickstart guides' to maximise use of our solutions.
    © Asite Solutions Ltd. 2000-2008 - Privacy Policy Unit E2, 3rd Floor, Zetland House, 5-25 Scrutton Street, London EC2A 4HJ. Reg. No: 04040122, Vat No: 882000944