System Description
Company Overview and Services Provided
Lockstep Network is a Software-as-a-Service provider that operates globally. We believe in the power of connection to make businesses smarter and teams more effective. We see a brighter future where diverse team members come together to transform the way they collaborate, harnessing the network to focus on the work that matters. Today, Lockstep Network offers two solutions:
- Lockstep Collect optimizes cash collection for B2B companies by automating customer interactions throughout the receivables lifecycle.
- Accounting Desk streamlines the accounting cycle with workflow automation for email-based processes.
Our proven solutions are integrated with the leading ERP and accounting software solutions in the industry.
Infrastructure
The infrastructure supporting LOCKSTEP NETWORK system resides as hosted environments on Microsoft Azure, using an Azure Active Directory for credential maintenance. Details pertaining to Azure Security can be found on Microsoft’s Trust Center.
Software
The following provides a summary of systems used to deliver the System:
- Azure DevTest Labs and Azure Virtual Machines.
- Windows Defender – used as an antivirus solution on production systems and workstations throughout the environment.
- Zendesk – used for helpdesk software
- Intercom – used for helpdesk software
People – link to webpage
Procedures
LOCKSTEP NETWORK Management maintains documented operating procedures and policies involved in the operation of their systems including:
- Information Security Policies and Procedures including:
- Change Control
- Data Retention and Disposal
- Paper and Electronic Media
- Network Security Administration
- Antivirus
- Backup
- Encryption
- Special Technologies Usage
- Software Development
- Incident Response Plan and Procedures
- Employee Identification
- Logging Controls
- Security Awareness and Acceptable Use
- Risk Assessment
- Employee Handbook
- Non-Disclosure Agreement
Control activities have been placed into operation to help ensure that actions are carried out properly and efficiently. Control procedures serve as mechanisms for managing the achievement of control activities and are a part of the process by which LOCKSTEP NETWORK strives to achieve its business objectives. LOCKSTEP NETWORK has applied a risk management approach to the organization in order to select and develop control procedures. After relevant risks have been identified and evaluated, controls are established, implemented, monitored, reviewed, and improved when necessary to meet the applicable trust services criteria and the overall objectives of the organization.
LOCKSTEP NETWORK control procedures, which have been designed to meet the applicable trust services criteria, are included in Section 4 of this report to eliminate the redundancy that would result from listing the procedures in this section as well.
Data
LOCKSTEP NETWORK’s data is controlled by the Control, Data Retention and Disposal Policies. Sensitive and confidential data is to be retained only as long as required for legal, regulatory, or business requirements and logical access to data is configured to deny all by default and provisioned based on job responsibilities. Confidential data is electronically transmitted to or by LOCKSTEP NETWORK by clients and third-party vendors an SFTP site.
Communication
Management is involved with day-to-day operations and is able to provide personnel with an understanding of their individual roles and responsibilities. This includes the ability to provide necessary training so that personnel understand how their daily activities and roles relate to the overall support of services. LOCKSTEP NETWORK’s Management believes that open communication throughout the organization ensures that deviations from standards are identified, reported, and appropriately addressed.