Data Security is top priority at Info Salons

Ask anybody in the exhibition industry what they regard as their greatest asset and they will almost certainly tell you that it is their database, and particularly their visitor database. The visitor is at the heart of everything we do in the trade fair business and the collected records of those visitors are what keep the heart beating.

The security of this vital data is of the utmost concern. The Info Salons Group, as the leading independent registration company in Australia, China and the Middle East, has focussed both on the human and technological issues involved in securing its clients’ data.

The company takes great pride in utilising cutting edge technology to implement all aspects of its state-of-the-art registration systems. A consistent focus on security is central to this use of technology. The increasing use of web-based systems in all aspects of the business world means that new technical options are emerging all the time. Info Salons has taken a number of steps recently which it believes take its security measures well beyond the systems in place for almost any other registration company in the world.

Quality management procedures

Before turning to details of these latest technologies, however, it is worth spending a few moments focused on the general quality management procedures in place and how they impact upon data security. Info Salons has been ISO9001 certified since the mid-1990s and that certification is regularly reviewed and updated.

Any company which runs this kind of programme needs to/must have in place a Quality Assurance Manual that covers all aspects of quality management within that business. However, one of the cornerstones of data security is the fact that any authorised use of data is controlled through password protection. Info Salons has a strict user name and password policy for all internal documents, its administration system, internal databases and client databases.  This includes carefully-managed permission levels that limit staff to only the information they require to carry out their tasks.

Technology

The most recent development of Info Salons’ data security infrastructure has been the adoption of the One Time Password token (OTP), to ensure that all client data is protected by the same kind of security that one would expect for their financial records. The company believes that it may be the first in the exhibitions industry to implementation OTP tokens; it remains highly unusual in any business sector outside the world of financial services.

Access to client databases managed by Info Salons requires the entry of a user name, password, and now, the entry of a unique number which is generated by pressing a button on the token. An algorithm is used to generate a number which is specific to the date and time. The company’s software understands this, and access is therefore only permitted if the number from the token matches the number calculated by the software on Info Salons’ servers.

With this system in place, only those authorised with current user names and passwords and in possession of an Info Salons OTP token can gain access to the sections of the company’s database to which they should have access.

Other security measures

The OTP token, Info Salons’ latest innovation, sits atop a series of security measures which the company has evolved over more than 20 years of registration service delivery. All computer systems are equipped with state-of-the art firewalls, monitored 24/7 by the hosting suppliers. Remote access to the company’s systems is limited to two people, the most senior IT managers in the organisation.

The software systems which underpin Info Salons' work are divided into discreet components, meaning that access to each part of the system is carefully controlled. The component parts of the system include the registration pages clients use, exhibitor manuals and, most importantly, the database management system (DBMS).

The DBMS login control implements cookies, the contents of which are encrypted via 3DES. The system can also stop simultaneous logins if requested by the client. This helps to restrict the sharing of usernames and passwords. The DBMS also has control over the levels of data access and is therefore able to regulate what staff can and cannot see. This can only be managed by a user with the highest level of authorisation.

Login screens also implement CAPTCHA functionality - in which a human must type in the text to a corresponding picture - so that automated robot attacks cannot try to guess usernames/passwords.

Info Salon’s Info Web pre-event data management service allows access to client data for preparation and clean-up. The staff responsible for this belong to a separate department, and they are further restricted by limited functionality within the system and access to databases for only certain events. Only an appropriately authorised manager has the ability to export data. The Info Web software uses SSL cryptographic protocols and also enforces the use of the OTP token already described.

Location of databases

Databases managed by Info Salons only leave the company’s servers when going on-site for an exhibition: the databases run offline during the registration process for an exhibition. The on-site managers can export data as requested by a client but only have the capacity to export that particular database. This offline access is an integral element of the full Info Salons service as it allows exhibition managers to receive detailed reporting on registration activity during a show.

Staff-related security management

At all times, each staff member’s access to sensitive data is carefully restricted to solely that which they need to complete their assigned tasks for an individual client. When a person resigns from the company, all of their accounts in the data system are immediately closed, their OTP token retrieved and disabled.

Info Salons is dedicated to keeping its technology and quality management systems constantly under review. New technologies such as the OTP will be implemented as they become available, and where the company believes that the technology can enhance their already world class procedures. Info Salons' commitment is to take every possible step to protect your data.