
Security Policy
1. INTRODUCTION
This XRI Security Policy (the 'Security Policy') sets forth the security commitments of Cannon Tomlinson Mansley Ltd, 5 Stow Court, Stow Road, Stow-cum-Quy, Cambridgeshire CB25 9AS, United Kingdom ('I-Broker') to our Registrants and to maintaining and preserving the integrity of the XRI infrastructure.
2. DEFINITIONS
- Diligent Efforts. 'Diligent Efforts' means, with respect to a given goal, the application of material and substantial energy toward the achievement of that goal as expeditiously as possible.
- Global Services Specifications (GSS). 'Global Services Specifications' or 'GSS' shall mean the specifications published by XDI.ORG governing the operation of services offered by XDI.ORG and its authorised agents. The GSS is set forth in Exhibit A of this Agreement and http://gss.xdi.org.
- Registrant. 'Registrant' means an individual or organisation that enrolls with I-Broker to obtain a service from the GRS Registry System.
- Registration Agreement. 'Registration Agreement' means the document under which a Registrant registers with I-Broker for one or more services from the GRS Registry System.
- Service. 'Service' means services provided by I-Broker in connection with the XRI under this Registration Agreement, and includes contracting with Registrants, collecting registration data about the Registrants, and submitting registration information to a Contact Agent or Contact Data Custodian.
- XRI. 'XRI' means the URI-compatible scheme and resolution protocol for abstract identifiers used to identify and share resources across domains and applications as set forth by the OASIS XRI Technical Committee (http://www.oasis-open.org/committees/xri/).
Other terms used in this Agreement as defined terms shall have the meanings ascribed to them in the context in which they are defined, or, if not defined herein, shall have the definitions set forth in the I-Broker Agreement.
3. I-BROKER'S SECURITY COMMITMENTS
I-Broker hereby warrants and represents that it will take the following steps to assure security with respect to XRI registration and use:
- ISO 17799 Certification. I-Broker has undertaken to secure ISO 17799:2005 certification. ISO 17799:2005 is the current Code of Practice for Information Security Management.
- Authentication & Passwords. I-Broker systems shall require account passwords to be changed on an annual basis. I-Broker will never ask Registrants for their passwords whether by phone, email, or other communication means. Registrants are advised never to disclose their account passwords to anyone else. Registrants are solely responsible for keeping and maintaining the secrecy of their passwords. I-Broker recommends that Registrants use passwords with the following attributes:
- At least eight characters in length;
- Contain both upper and lower case characters;
- Use numbers and punctuation characters as well as letters;
- Not identical to a word found in a dictionary (spelled forwards or backwards);
- Not personally identifiable information such as a birth date, address, bank account number, or phone number;
- Not easily discoverable information such as a maiden name, spouse's name, parent's name, child's name, pet's name, street name, school name, etc.
- Data Protection. I-Broker will use Diligent Efforts to assure the integrity and confidentiality of data that Registrants provide as part of the registration or account management process. I-Broker shall provide those minimum assurances of privacy in such data as set forth in the privacy policy set forth at http://equalsyou.com/policies/privacy.html.
- Survivability. I-Broker maintains and complies with a comprehensive survivability policy which can be found at http://equalsyou.com/policies/survivability.html.
- Accountability. I-Broker maintains and complies with a comprehensive accountability policy which can be found at http://equalsyou.com/policies/accountability.html.
- ASPs. Application Service Providers provided by, to or through I-Broker shall be able to demonstrate compliance with I-Broker's minimum security requirements. I-Broker may revise or improve these standards over time.
- Conformance with XRI Global Security Policy. I-Broker shall assure that this Security Policy is in conformance with the XDI.org Global Security Policy.
- Audit. I-Broker reserves the right to audit its owned or controlled networks and systems on a periodic basis to ensure compliance with this policy.
4. MODIFICATIONS
This policy may be updated from time to time. Proposed alterations shall be posted at http://equalsyou.com/policies/security.html not less than thirty days in advance of the date such alterations shall take effect.