Corporate Security Statement
Who Are We?
OMAX TELECOM takes the security of its information, infrastructure, and applications very seriously.
OMAX TELECOM has implemented policies, controls, and procedures, and has allocated dedicated resources required for a formal Corporate Security organization.
This document provides an overview of the security controls employed by OMAX TELECOM and is intended to be shared with its customers, prospects, partners, and suppliers.
Security Governance
Security Policies
OMAX TELECOM has implemented, published, and communicated to its personnel an information security policy, detailing the ISMS structure, security governance, and main roles and responsibilities. It contains a management declaration, signed by OMAX TELECOM’s managing director, setting the company’s objectives toward information security and demonstrating top management commitment.
Ensuing from this main document, OMAX TELECOM has developed a set of security policies, procedures, technical standards, and guidelines that define security requirements to protect OMAX TELECOM assets and data.
Individual responsibilities are communicated in each document. These policies are permanently available to employees and contractors through OMAX TELECOM’s intranet portal.
The information security policy is available [here] (insert link).
Security Organization
OMAX TELECOM has a formal Corporate Security organization led by the Chief Information Security Officer (CISO), who is responsible for all security matters in the organization and is assisted by a team of technology and security professionals. These professionals hold a variety of certifications and credentials that attest to their proficiency in the field. They participate in training programs and activities sponsored by industry-specific security groups to stay abreast of current security trends and issues.
The CISO has ultimate responsibility for the organization’s security-related decisions and strategies. The Corporate Security team is composed of IT security governance specialists, security engineers, and security operation experts.
Management Leadership
OMAX TELECOM’s top management is highly involved in the maintenance and continuous improvement of the company’s security posture and provides support to security-driven initiatives. They participate regularly in Security Steering Committees and ISMS management reviews.
The Security Operations team sends a SIRT (Security Incident Response Team) report to OMAX TELECOM’s top management every month, providing security-related highlights, updates on incidents and vulnerabilities, reports on the attendance and results of security awareness sessions, and highlights of security intelligence reports.
Human Resources Security
Recruitment Process
Teams in charge of recruiting new employees and contractors perform checks to ensure candidates have the required skills and knowledge to perform their roles. Background and reference checks are conducted in accordance with local laws.
Contractual Obligations
OMAX TELECOM employees and contractors are required to sign non-disclosure and confidentiality agreements upon joining the company and to commit to respecting OMAX TELECOM’s information security policies.
Security Awareness
OMAX TELECOM employees and contractors are required to complete security training and awareness programs upon joining the organization. A yearly awareness program reinforces key security concepts and reminds employees of their responsibilities as defined in the security policies. Phishing simulation campaigns are conducted regularly to train employees to detect potential attacks.
Appropriate Use
OMAX TELECOM’s Code of Conduct and Acceptable Use Policy address the appropriate use of company assets, tools, and data. Violations of these policies may result in disciplinary action.
Termination Process
OMAX TELECOM has established a documented termination process that defines responsibilities for the collection of IT and HR assets and the removal of access rights for employees and contractors who leave the company.
Asset Management
OMAX TELECOM has established and maintains asset inventory processes for its information assets.
Assets are classified based on security criteria: confidentiality, integrity, availability, and traceability. Security requirements are defined based on the classification of the asset, and employees are provided with instructions on how to handle assets properly.
Specific rules are defined for asset maintenance and transport. The use of removable media is not allowed. When an asset is no longer needed, it is disposed of securely to ensure no data can be retrieved.
Mobile Devices
Non-OMAX TELECOM devices cannot be connected to the company’s internal network, whether wired or wireless. Non-company devices can use OMAX TELECOM’s guest Wi-Fi, which does not provide access to company data.
Mobile devices must have antivirus software running permanently. The IT support team can remotely wipe mobile devices when necessary.
Physical and Environmental Security
Datacenter Security
The following physical and environmental controls are incorporated into the design of OMAX TELECOM datacenters:
- Separate protected facilities
- Badge entrance control
- Internal and external cameras
- Temperature and humidity control and monitoring
- Fire and water detection alarms
- Lightning suppression
- Transient voltage surge suppression and grounding
- Redundant power feeds and UPS systems
- Physically secured network equipment areas and locked cabinets
Datacenter access is limited to authorized personnel. Visitor access procedures and loading dock security protocols are established.
Office Security
Physical access controls are implemented in all OMAX TELECOM offices. Controls vary by location but typically include access control with badge readers, on-premises security staff, and defined procedures for visitor access control.
Identity and Access Management
Authorization and Authentication Controls
OMAX TELECOM follows a formal process to grant or revoke access to its resources. Access management is based on the “least-possible privilege” and “need-to-know” principles to ensure authorized access aligns with defined responsibilities.
Privileged Access
Access to authentication servers at administrative, root, or system levels is limited to designated professionals. Dedicated admin accounts must be used to perform privileged actions.
Password Requirements
OMAX TELECOM’s security policy establishes requirements for password complexity, change, and reuse. Sessions are automatically locked after a period of inactivity, and accounts are locked after several unsuccessful login attempts. Sharing passwords is strictly forbidden.
Operations Security
Hardening
All OMAX TELECOM laptops are protected by hard drive encryption software using the 256-bit AES encryption algorithm. The software enforces password controls and uses a dynamic password timeout to prevent brute force attacks.
Vulnerability and Patch Management
OMAX TELECOM uses multiple vulnerability scanning tools to assess its internal and external network environments. Scans are conducted regularly, and vulnerabilities are assessed using CVSS scores to define patching SLAs.
Penetration Testing
OMAX TELECOM’s external-facing applications undergo penetration testing at least once per year and before major releases. Findings are registered and follow a remediation process.
Backup and Restore
Datacenter systems are routinely backed up for disaster recovery purposes. Backup and restore procedures are documented and regularly tested.
Traceability and Log Management
OMAX TELECOM uses SIEM (Security Information and Event Management) for security monitoring and anomaly detection.
Network Security
Antivirus and Antispyware
OMAX TELECOM installs antivirus and antispyware software on all company computers. Virus signatures are automatically updated.
Desktop Firewall
OMAX TELECOM’s desktop firewall software is automatically enabled and uses standard configurations to protect against malicious network traffic.
Wireless Networks
Only IT-managed wireless networks are permitted on OMAX TELECOM’s network. Unmanaged endpoints are placed on a guest VLAN with limited access.
Spam Blocking and URL Filtering
OMAX TELECOM has deployed URL filtering software to block access to inappropriate websites and maintains an email gateway with spam-blocking and antivirus software.
Remote Access
OMAX TELECOM utilizes VPN (Virtual Private Network) software with dual-factor authentication for secure remote access. VPN tunnels are secured using AES128 or higher encryption.
Change Management
OMAX TELECOM has established a change management process that includes impact assessment, testing, and rollback procedures. All changes must be reviewed and approved by a Change Approval Board.
Development Environments
OMAX TELECOM maintains separate development and production environments. The transfer of applications from development to production follows established change management procedures.
Supply Chain Security
OMAX TELECOM ensures security across its supply chain by requiring suppliers to apply at least the same level of security as the company. Suppliers are required to sign a security annex as part of their contract.
Incident Management
OMAX TELECOM has documented procedures for reporting and responding to security incidents. The Corporate Security team follows a structured incident response process, including escalation, roles, and responsibilities.
Business Continuity and Disaster Recovery
OMAX TELECOM has established a Business Continuity (BC) and Disaster Recovery (DR) strategy, following industry best practices. BC and DR plans are regularly reviewed, updated, and tested.
Compliance
Internal and External Audits
OMAX TELECOM is regularly audited by internal and external auditors to ensure compliance with security standards and regulations.
Ethics and Compliance
OMAX TELECOM has implemented procedures for reporting misconduct anonymously or otherwise.
Privacy Office
OMAX TELECOM has established data protection rules to ensure compliance with GDPR and other applicable privacy laws. The privacy policy is available on our website.