Our Valued Customers, The ESKADENIA team would like to inform you that we are back in full force at the office and have continued normal operations while still following the Jordanian government’s COVID-19 safety procedures. Our activities may be subject to change during these uncertain times, but we assure you that any changes to our operations will not affect our level of service to our customers. We thank you for your cooperation and wish you good health. ESKADENIA Software Team
In order to minimize the attack surface of deliverables, ESKADENIA shall:
Each Deliverable shall:
ESKADENA may deliver evidence about the security of each Deliverable such as security audit reports, vulnerability scans and code robustness analysis. Software and hardware deliverables shall allow authentication data (such as passwords) and cryptographic keys to be modifiable according state-of-art robustness by the purchaser. ESKADENIA may implement the mutually agreed security Statement of Compliance applicable for each project.
2.1 Point of Contact
ESKADENIA shall nominate both, a contact person for security related matters and an upper-management contact or key-account manager to handle escalation matters. The contacts shall be provided for each project and changes shall be communicated promptly.
2.2 Security incidents
ESKADENIA shall notify the Purchaser in case an incident related to the Supplier may have an impact on the Purchaser (for example, loss, alteration, disclosure or non-authorized access to source code, data, personal data or information, etc.) and shall use all efforts to remediate and/or solve the incident and inform the Purchaser of progress and end-of-incident.
2.3 Access to Purchaser’s systems
Purchaser shall grant ESKADENIA access to their systems, ESKADENIA shall:
2.3 Documentation
ESKADENIA shall deliver to the Purchaser all necessary information to assess the security of Deliverables and to securely configure the Deliverables and shall keep the documentation delivered to the Purchaser up-to-date.
2.4 Asset management
ESKADENIA shall identify, document and protect all Assets (information, software, hardware, computers, USB stick, badge, tablet, smartphone…) of the Purchaser that have been entrusted to her by the client.
2.5 Human Resources Security
ESKADENIA shall ensure that its employees and any third parties appointed for the performance of the Agreement: - Possess the appropriate security skills; and - Know and implement the applicable security rules for the performance of tasks. Upon request of ESKADENIA Customer must provide the applicable security rules before the start of any tasks. Anybody acting on behalf of ESKADENIA, who needs remote or local access to the Purchaser’s information system, is required to provide identification information. ESKADENIA shall strive that any access on its behalf is not abused and assumes legal responsibilities according to the applicable laws. Where the Supplier uses subcontractors to fulfil the Agreement with the Purchaser, the Supplier shall specifically identify them as subcontractors and ensure that the same due care will always be applied. Upon request of the Purchaser, ESKADENIA commits to use security checked personnel, i.e., screened by national authorities, for handling of sensitive Deliverables prior to deployment in the Purchaser's Network, as well as for maintenance of sensitive Deliverables during the whole operational phase.
2.6 Information & Access Management
ESKADENIA shall process, use and transmit Purchaser information involved in the Service only for Service provision and only for the duration of the Agreement. ESKADENIA shall ensure that:
In the event of a security incident, Purchaser may suspend access or request suspension of access until the incident is resolved. It is understood that PMO office will be affected at the time. ESKADENIA will be given the time to solve such incidents. In addition, ESKADENIA shall implement the following measures on information classed as confidential by the Purchaser:
ESKADENIA implements in compliance with the maintenance conditions agreed in the Agreement, all necessary means (architecture, event detection and response, backup plan, continuity plan…) to protect the Services from unwanted or voluntary incidents that could threaten the continuity of the Services.
ESKADNEIA shall separate development, testing and production environments and shall not use production data for testing activities according to its CMMi Level -3 process.
The Purchaser may request from ESKADENIA a security report related to the Services no more than once a year. This security report shall include but is not limited to the following information:
ESKADENIA shall inform the Purchaser if Third Party services (e.g. data center services) are involved or planned to be involved in the provision of the Service and shall strive to insure that Third Party services are always compliant with the security requirements applicable to the Service.