<p> ENCON Group Inc. 500-1400 Blair Place Ottawa, Ontario K1J 9B8 Telephone 613-786-2000 Facsimile 613-786-2001 Toll Free 800-267-6684 www.encon.ca Application Addendum Information Technology Security</p><p>The purpose of this questionnaire is to establish what security measures are in place to prevent hardware/software/network losses. Maintaining continuity of services is the primary risk exposure. Situations that can cause an interruption of business are unauthorized intrusion (hackers), fire, power shortage, software/hardware failure, etc.</p><p>1. Name of Applicant: </p><p>2. Internet Access Providers (ISP) Web Hosting Application Service Providers (ASP) Storage Service Providers (SSP)</p><p>3. Do you have a contingency plan? YES NO </p><p>If yes, please provide a copy.</p><p>If no, please provide details of your alternative measures.</p><p>PREMISES SECURITY</p><p>4. Building details: </p><p>5. Do you have card access control to: Building Office Server Rooms None</p><p>6. Do you have a dedicated line alarm system? YES NO </p><p>7. Do you have fire suppression system with capability to suppress fire without damaging electrical equipment? YES NO </p><p>8. Do you have early smoke detection system? YES NO </p><p>9. Do you have a sprinkler system? YES NO </p><p>10. Do you have controlled air ventilation system to prevent overheating in the server room? YES NO </p><p>11. Do you have windows/doors protection against breakage and entry? YES NO </p><p>12. Do you have visits logged against customer defined control lists to allow /deny access to servers and systems? YES NO </p><p>13. Do you have an uninterruptible power supply? YES NO </p><p>If yes, how long can it sustain a power interruption? </p><p>IT33E-SRD-01-SECURITY 1 Nov. 3/03 © 2003 ENCON Group Inc. NETWORK DATA</p><p>14. Confirm what security controls are used to safeguard communications networks and data integrity, accuracy and completeness.</p><p>15. Are the servers monitored 24 hours/day? YES NO </p><p>16. Do you have any intrusion detection system to monitor external traffic and server logs for any possible hack attempts of known vulnerabilities and capture perpetrator’s traffic for further analysis? YES NO </p><p>17. Do you have a firewall and router logged for successful and unsuccessful connections and are they backed up on a daily basis? YES NO </p><p>(a) Are all log files indicating allowed and denied access, as well as possible security penetration attempts from firewall and IDS monitored routinely and regularly throughout each day? YES NO </p><p>(b) Does your router include packet filtering and access control lists? YES NO </p><p>(c) Do you have a policy in place for installing service release patches and hot fixes? YES NO </p><p>If yes, how often? </p><p>18. Are all servers, data, applications and logs backed up to tape, with rotating copies stored off site? YES NO </p><p>If yes, how often? Daily Weekly Monthly None</p><p>19. To minimize downtime due to software or hardware breakdown, do you utilize server and component redundancy? YES NO </p><p>20. To minimize downtime due to software or hardware breakdown, do you utilize co-location server? YES NO If yes, please provide details.</p><p>21. Do you have any documented procedures in place for the following: (a) systems recovery YES NO (b) intrusion detection YES NO (c) firewall service release patches and hot fixes YES NO (d) daily back-ups YES NO </p><p>22. Do you have virus detection software? YES NO </p><p>If yes, how often do you update the software? Daily Weekly Monthly</p><p>23. Is your data mirrored for data integrity? YES NO </p><p>Signature Date</p><p>Position</p><p>IT33E-SRD-01-SECURITY 2 Nov. 3/03 © 2003 ENCON Group Inc.</p>