Third-Party Audits for Web Conferencing
Companies want to know without a doubt that the data that may temporarily reside on a vendor's server during a Web conference is not being accessed by unwanted parties.
Web-conference-hosting services make a lot of promises about security, but to be certain that your data is being handled properly, it's important to know that the service has the oversight of a third-party auditing body. Third-party auditors are certified accountants hired by the vendor to come in with a checklist and determine, in an unbiased fashion, that the vendor is making good on its security promises. The auditor annually reviews the procedures of the hosting service and awards it a seal of approval if it meets security standards.
Ernst & Young, which provides WebTrust and SAS-70 Type I & II certification, holds companies to the following security standards.
First, the company must identify and document its specific security measures. It also must explain how it allows access to authorized users, what kind of access it allows, and who authorizes that access. Here are some other areas reviewed by Ernst & Young in its security auditing process:
- Preventing unauthorized access
- The procedures to add new users, modify the access levels of existing users, and remove users who no longer need access
- Assignment of responsibility and accountability for system security
- Assignment of responsibility and accountability for system changes and maintenance
- Testing, evaluating, and authorizing system components before implementation
- Addressing how complaints and requests relating to security issues are resolved
- The procedures to handle security breaches and other incidents
- Provision for allocating training and other resources to support its system security policies
- Provision for the handling of exceptions and situations not specifically addressed in its system security policies
- Provision for the identification of, and consistency with, applicable laws and regulations, defined commitments, service level agreements, and other contracts