www.sil.mu

Incorporating Security in IT Solutions for Corporate Registers

       www.sil.mu

SECURITY

       www.sil.mu

• Physical Security

• Server and System Software Security

• Database Security and Audit Trail

• Authentication to the Application

• Application Level Security

• Online Applications Security

       www.sil.mu

SECURITY COMPONENTS

       www.sil.mu

• Environmental design Air Conditioning, Dual UPS and Standby

Generators

• Electronic and procedural access control Biometric Access control

for controlling user access points

Datacenter access limited to IT administrators

• Intrusion detection and Video monitoring Security alarms and CCTV

for incident notification and verification

PHYSICAL SECURITY OF IT

       www.sil.mu

• High Available Cluster System For Database and Application

Server - protection against a single server failure

• Disaster Recovery System- protection against disaster at Main site

• Firewall and Intrusion Prevention System

• Antivirus/ Antispyware server

• Data Protection System- Automated backup of servers and

databases

SECURITY COMPONENTS

       www.sil.mu

• Up to date with latest Security patches and fixes

• Logging of access to all server services

• Use of encryption for network communication

• Maintain a proper system backup policy

SERVERS AND OS SECURITY

       www.sil.mu

• Restriction of User ID to an agreed number of alphanumeric

characters (Include special characters in Password @,#)

• Maintain password Complexity

• No shared ID issued to multiple users

• Disabling of Inactive account accounts after an agreed time period

• Locking of users of a successive given attempts of failed login

       www.sil.mu

USER AND PASSWORD MANAGEMENT

       www.sil.mu

• Initial Password allocated to user will be one time. User forced to

change his password on first log in

• Users forced to change their password after an agreed time period

from the last password change date.

• User sessions will time-out after an agreed period of inactivity

       www.sil.mu

USER AND PASSWORD MANAGEMENT cont..

       www.sil.mu

• Access to user on system will be depending on their access rights

(Filing officer accessing filing system, Cashier accessing cash

collection system, Companies officer accessing Companies

Administration Module, Management of ROC accessing all

systems )

• Access rights to record application

• Access rights to approve application

• Access rights to insert, update and delete

       www.sil.mu

APPLICATION - LEVEL

       www.sil.mu

• Any record created in the database will have the user stored in the

database and the date it has been created.

• The user who has last updated the record will be stored in the

database.

• Any table in the database can be audited and any updates made

can be logged.

• Tracking of Status on Application (Recorded, In Progress,

Rejected or Approved).

• Tracking of Status of Companies (Incorporated, Amalgamate,

Dissolve, Wind-Up)

       www.sil.mu

APPLICATION – AUDIT TRAIL

       www.sil.mu

• Information recorded in a temporary database in the DMZ server.

• ROC Staff validate the data before sending it in the live database.

• Each company will have a password to access their account. They

can use it to submit their applications online.

       www.sil.mu

ELECTRONIC SUBMISSIONS