IT Risk Management
As a provider of globally dispersed supply chain services and solutions, the secure flow and management of electronic data allows ALOM to effectively communicate and verify requirements and status with supplier and partner resources around the world. ALOM’s IT risk management is an ongoing iterative process where we continuously examine risk points within our environment and evaluate strategies to mitigate them efficiently and securely.
The largest and most unpredictable security threat for any company is people. Each staff member, supplier, vendor and partner is personally involved in the security of ALOM employees, facilities, inventory, networks, IT systems and electronic data. They are continually educated and engaged in ensuring ALOM electronic data and network security processes are strictly adhered to. Our comprehensive ISO 27001 compliant IT policy includes strict password adherence for all users, background checks on all personnel, as well as other recognized safeguards.
Suppliers are evaluated for physical as well as technology security prior to approval for receipt of any sensitive data or products.
We evaluate best-in-breed products that are proven market leaders in security. We are dedicated to vetting every product or system we put into production from individual applications to network platforms and systems.
ALOM’s physical security is tightly controlled in all locations with multi-factor authentication. Staff is subject to background checks, and premises are closely monitored, using camera surveillance with real-time monitoring as well as multi-tiered access restrictions.
ALOM’s system architecture is principal in keeping our systems running in the event of a disaster. We have taken a ground up approach using industry leaders to minimize our RPO and RTO. The environment exists in a fully redundant, virtualized infrastructure across multiple data centers, using VMware disaster recovery solutions, DataDomain backup appliances, and EMC storage hardware.
ALOM has partnered with Agility Services for disaster recovery services, including critical service restoration, power, and equipment replacement. Our databases have full encryption capability. We are PCI DSS compliant. Remote users access the systems via an SSL encrypted terminal and information transfer with partners is encrypted.