How SKS Bottle keeps its data secure FAQ


How SKS Keeps its Data Secure Frequently Asked Questions

Overview

SKS Bottle & Packaging considers the security of its information assets and customer data to be a strategic imperative to the business. As such, SKS has retained a managed security service provider (MSSP) to monitor its networks and cloud servers at its datacenters 24x7x365. This ensures round-the-clock monitoring of its servers and customer data to quickly identify and respond to attacks that attempt to affect the confidentiality, integrity, or availability of SKS services and information.

This FAQ helps customers and employees better understand the IT risk management program in place at SKS Bottle & Packaging and what is done to regularly monitor, maintain, and improve it over time.

Is SKS PCI Compliant?

Yes. SKS complies with the PCI Data Security Standard (PCI-DSS) version 3.2 and completes a self-assessment (SAQ) form that is submitted to our payment processor and bank annually. A copy of SKS' SAQ-D form is available upon request.

Does SKS perform independent reviews of its security?

Yes. SKS has retained an IT risk management firm that performs penetration testing (of both the external and the internal SKS corporate network), attempting to exploit the SKS network and internet-facing web applications in order to gain unauthorized access to customer data and payment card information. Penetration tests are performed on an annual cadence. SKS has a formal, documented vulnerability management program that ensures regular vulnerability scanning and patch management are in place and that any vulnerability with a severity rating of HIGH or CRITICAL is remediated.

Does SKS have a formal information security management system (ISMS) in place?

Yes. SKS has an ISMS in place that is in compliance with ISO 27001:2013, ensuring that a set of policies concerned with information security management of IT-related risks is in place. SKS has designed, implemented and regularly maintains a coherent set of policies, processes, and systems to manage risks to its information assets and consumer data, thus ensuring acceptable levels of information security risk to the business.

Does SKS perform regular application penetration testing of its e-Commerce web application?

Yes. Application penetration testing and dynamic and static code analysis are performed on its e-Commerce application source code, and vulnerabilities are remediated as they are identified.

For more information on how SKS protects its information assets, please contact security@sks-bottle.com or call 518-880-6980.

