ENCON Group Inc.
500-1400 Blair Place, Ottawa, Ontario K1J 9B8
Telephone 613-786-2000 Facsimile 613-786-2001 Toll Free 800-267-6684
www.encon.ca

Application Addendum
Information Technology Security

The purpose of this questionnaire is to establish what security measures are in place to prevent hardware/software/network losses. Maintaining continuity of services is the primary risk exposure. Situations that can cause an interruption of business are unauthorized intrusion (hackers), fire, power shortage, software/hardware failure, etc.

1. Name of Applicant:

2. Internet Access Providers (ISP) Web Hosting Application Service Providers (ASP) Storage Service Providers (SSP)

3. Do you have a contingency plan? YES NO

If yes, please provide a copy.

If no, please provide details of your alternative measures.

PREMISES SECURITY

4. Building details:

5. Do you have card access control to: Building Office Server Rooms None

6. Do you have a dedicated line alarm system? YES NO

7. Do you have a fire suppression system with the capability to suppress fire without damaging electrical equipment? YES NO

8. Do you have an early smoke detection system? YES NO

9. Do you have a sprinkler system? YES NO

10. Do you have a controlled air ventilation system to prevent overheating in the server room? YES NO

11. Do you have window/door protection against breakage and entry? YES NO

12. Do you have visits logged against customer-defined control lists to allow/deny access to servers and systems? YES NO

13. Do you have an uninterruptible power supply? YES NO

If yes, how long can it sustain a power interruption?

IT33E-SRD-01-SECURITY 1 Nov. 3/03 © 2003 ENCON Group Inc.

NETWORK DATA

14. Confirm what security controls are used to safeguard communications networks and data integrity, accuracy and completeness.

15. Are the servers monitored 24 hours/day? YES NO

16. Do you have an intrusion detection system to monitor external traffic and server logs for possible hack attempts against known vulnerabilities and to capture the perpetrator’s traffic for further analysis? YES NO

17. Do your firewall and router log successful and unsuccessful connections, and are these logs backed up on a daily basis? YES NO

(a) Are all log files indicating allowed and denied access, as well as possible security penetration attempts, from the firewall and IDS monitored routinely and regularly throughout each day? YES NO

(b) Does your router include packet filtering and access control lists? YES NO

(c) Do you have a policy in place for installing service release patches and hot fixes? YES NO

If yes, how often?

18. Are all servers, data, applications and logs backed up to tape, with rotating copies stored off site? YES NO

If yes, how often? Daily Weekly Monthly None

19. To minimize downtime due to software or hardware breakdown, do you utilize server and component redundancy? YES NO

20. To minimize downtime due to software or hardware breakdown, do you utilize a co-location server? YES NO

If yes, please provide details.

21. Do you have any documented procedures in place for the following:

(a) systems recovery YES NO

(b) intrusion detection YES NO

(c) firewall service release patches and hot fixes YES NO

(d) daily back-ups YES NO

22. Do you have virus detection software? YES NO

If yes, how often do you update the software? Daily Weekly Monthly

23. Is your data mirrored for data integrity? YES NO

Signature Date

Position
