The Security Standards Exela Meets


As leaders in digital transformation initiatives around the world, Exela is entrusted with maintaining the integrity, privacy, and security of information belonging to our customers and their customers and end users. “The information entrusted to us is the lifeblood of our customers’ businesses,” notes Mario Carneiro, Exela’s Data and Technical Security Manager. So to say there’s a lot at stake would be an understatement.

In fact, maintaining the privacy and security of the information entrusted to us by our customers is a primary business objective of ours. Our robust approach includes:

  • Compliance with the GDPR and related Privacy Shield Framework
  • Compliance with the GLBA
  • Compliance with SSAE (Statement on Standards for Attestation Engagements), including SSAE 16 (applicable specifically to service organizations) and SSAE 18 (applicable to all attestation engagements, and requiring, among other things, annual SOC1 audit of data and system security controls and protocols)
  • Compliance with the Sarbanes-Oxley Act (SOX, which protects shareholders and the general public from accounting errors and fraudulent enterprise practices)
  • Compliance with the National Archives and Records Administration’s standards for guidance on maintenance and storage of electronic records
  • Biennial internal auditing and monthly self-assessment auditing of all Exela facilities to ensure compliance
  • Implementing physical, electronic, and managerial procedures to safeguard and secure all information we process, including preventing unauthorized access and/or disclosure and maintaining data accuracy

Fully compliant operations

In every country, in each locality, and in every industry in which Exela delivers services, Exela is charged with being and remaining compliant with the applicable laws, rules, and regulations regarding data security and privacy. That means, among other things:

  • System Certification and Accreditation under NIST (the U.S. Department of Commerce’s National Institute of Standards and Technology, as discussed in What Rules Apply to Data Security), which requires compliance with the applicable guidelines and standards contained in:
    • FISMA
    • HITRUST CSF
    • PCI DSS
    • HIPAA
    • ISO/IEC 27000-series
    • FIPS (Federal Information Processing Standards, with regard to nonmilitary government agencies and government contractors)
    • DIACAP (Department of Defense Assurance Certification and Accreditation Process with regard to information systems risk management)

System security

To protect the integrity of our systems and ensure secure, uninterrupted service for all our customers, we maintain a complex and rigorous set of security and control features, including:

  • Access controls:
    • Our facilities uphold the highest standards for security and access control, including continuous monitoring by personnel and by CCTV, identification display protocols, and periodic system integrity checks. Physical access (to both buildings and computer equipment) is restricted to individuals requiring access to perform their job responsibilities.
    • Contractors and subcontractors are required to implement and maintain safeguards consistent with ours.
    • User access privileges are reviewed regularly.
    • Unauthorized attempts to access information, as well as authorized access to sensitive data, are logged and reported; the logs and reports are regularly reviewed, and appropriate action is taken.
  • Change controls – Before any modification is made to the system or any element thereof, all affected parties are notified, and timing is set to ensure minimum adverse impact.
  • Application controls – All databases are configured so that modifications can be made to data only through programs, and individuals are restricted from directly accessing underlying production databases. Segregation of duties is enforced, and source code control is in place. A Software Development Life Cycle includes industry-standard secure coding training, practices, and requirements.
  • Antivirus controls – The gold standard of antivirus software is deployed in all contexts and is properly maintained, including real-time upgrades.
  • Disaster recovery controls – Exela’s formal disaster recovery policies, including contingency plans and securing alternative processing methods, have been established, tested, and refined over decades to ensure operating requirements are met, quality is maintained, and expectations are exceeded wherever possible. They continue to be reviewed and improved as needed at least annually.
  • Data backup & recovery controls – Our backup and recovery controls ensure all systems are backed up and all critical systems media is available for use in an emergency.
  • Risk management – Exela develops, disseminates, and periodically reviews its security policies, including risk management, security awareness, security training, and incident response.

Data security

Exela maintains the integrity, privacy, and confidentiality of the data entrusted to it through its compliance program, its system security stance, and a complex set of best practices that include:

  • Secure configuration, access controls & passwords – Exela’s formal policies, which are reviewed on a regular basis, ensure access to data is controlled in a secure manner that allows business operations, and such controls are regularly monitored to ensure compliance and appropriate incident response.
  • Boundary firewall – To protect the data integrity and security of our enterprise network, we have implemented multiple controls and practices to maintain the highest level of security, including protecting all boundaries/the external perimeter with firewalls. All external connections must terminate in a DMZ network.
  • System security – In addition to the system security controls discussed above, Exela has also engaged a Managed Security Services Provider (MSSP) to help provide threat intelligence at our boundary.

System monitoring

Exela has deployed the Tenable Security Center solution, which includes the Passive Vulnerability Scanner (PVS), to provide continuous network monitoring in real time. Security alerts are continuously monitored and logged, and logs are maintained securely.

Thus concludes our thought-leadership series on Leveraging Cybersecurity to Master Your Domain. If you missed the earlier posts, you can catch up here:

Psst... you can download the entire series as a flipping-book here, and you can also find all of these posts on our blog, which we update at least twice weekly.

In the future, be sure to subscribe to Exela’s quarterly thought leadership publication, PluggedIN, for up-to-the-minute news and views on topics that matter to you.

Author: Lauren Cahn

Book Publication in Health Sciences


How a Leading Publisher Engaged Exela for End-to-End Book Production

CHALLENGE:

A leading publisher in the health sciences and medical field needed a publishing partner that could manage the full book publishing lifecycle. This included: composition, copyediting, style conversion, photo and illustration alterations and rendering, proofreading, indexing, format conversion, content accessibility, supplementary material development, and project management.

The central challenges involved were a product of the broad scope of the project, a heavy focus on the quality of the output, and a request for quick turnaround. The copyedited manuscript provided by the customer did not define styles for the respective content. Identifying and mapping the styles in the document with the appropriate styles per the InDesign style sheet was an additional challenge. Some entities in the document were not ASCII and, hence, were not recognized by InDesign.

SOLUTION:

In order to fulfill the request, Exela developed an in-house tool for image placement and applying styles. The tool was used alongside the contributions of Exela’s subject experts and editors, who provided the Alt-text for non-text components. The tool helped scale up the workflow and shorten the expected schedule, while still ensuring that the output quality remained at, or above, the agreed upon level. Exela also provided illustration services that encompassed alterations to the existing illustrations and rendering of new art.

In most cases, multiple images had to be used during the automated insertion process, in accordance with the callouts. The tool Exela built helped manage multiple image placements and images in many different formats. In the end, the work was completed in a timely fashion and the output was of exceptional quality. The tool Exela developed has since been available to assist with related projects, regardless of format, size, scope, and content.

BENEFITS:
  • Image placement was sped up from 100 images per hour to 600 images per hour, for a 500% improvement in productivity
  • Word to style conversion was increased from 10 pages per hour to 27 pages per hour, for a 170% increase in productivity
  • EPUB conversion automation requires minimal intervention
  • Reduced time to market
  • Excellent quality
  • Significantly lowered cost