3 | The upload functionality in the application does not check for any viruses/malware in the attachments | Since the uploading of document happens at HUL's end this feature is not implemented by LegalDesk.com
5 | Application did not have SSO functionality for UL users | Being worked on with HUL and will be implemented
10 | All client data (unless specified) is disposed within 24hrs of signing of Agreement on both sides. Query WHY | If contract details are removed within 24 hours, then Both Parties must download Agreement within that timeframe, else it will be lost.
11 | Option for Usage of Aadhaar OR Dongle | Dongle may be used at a later stage

7 | How the equipment / media is disposed of securely when no longer in use | according to ISO control process listed in the ISMS manual
10 | User authentication mechanism | SSO integration via Azure for authentication, we are working with HUL team to implement this
11 | Multi factor authentication - can be contextual | email and password, third party will only be able to login using the email id provided by HUL during invitation and the password assigned by LegalDesk.com
12 | System level / IT admin accounts must access through a secure admin gateway or equivalent for internet accessible systems | We have implemented a network level firewall mechanism for privileged access
22 | JML processes are in place and monitored by Business / System Owner | Could you please explain how JML process will work for this project?
23 | Privileged application / business users are reviewed on a quarterly basis by Business Owner or delegate | Are there any privileged business application user from UL?
24 | System components are monitored to ensure configuration compliance to identified standards | Do you use any system configuration compliance process/tools? To check policy compliance?
25 | Info Sec controls are implemented and maintained during Disaster Recovery scenarios | Do you have a DR plan/process?
** The above are not the final list of evidences required for ISA. Based on the assessment approach we might require some more details

Action | Status | Unilever comments - based on confirmation from LegalDesk/ UL Global project team | Comments by Maryann/Namita
LegalDesk team | Open | Application inputs doesn't validate content. | Noted.
EA & ISA | Open | Alok & Sarah to agree and confirm with LegalDesk | - Alok agreed to remove Functionality of retention for 24 hours only - Agreed that data will be held as per Retention policy of Unilever & this will be confirmed by EA & ISA
EA Legal + Alok | Open | Alok to brief EAs for complete clarity. Workflow to be explained by LegalDesk | Follow-up meeting on authentication process using Aadhaar and DSC dongle scheduled for 5 May

Action | Status | Vivek comments - based on confirmation from LegalDesk/ UL project team | Comments by Maryann/Namita
LegalDesk team | Open | ISMS policies shared with Keshav. Vivek to check and come back |
4/517 : WIP
4/517 : WIP
Maryann Open Maryann and team to coordinate this Pradeesh and Avanade Accenture team
task with Email, identity, directory team are starting work immediately.
and LegalDesk Follow up meeting for clarifications - 3rd
May
4/517 : Email identity team is working DO in progress
on this. Maryann/Namita is tracking this
LegalDesk Open To be discussed internally on leveraging Vivek to define conditions that will
team contextual MFA trigger additional authentication
challenges, such as changes in
4/517 : Will confirm you soon geographic location or logins from
unrecognized devices.
8/5/17 : Could you please confirm
whether the application access to
Unilever instance shall be restricted by
certain means, (Possibilities)
LegalDesk Open Do it through SSH of AWS, Wait for Team to share artifacts with
team - Internet accessible, over asset Vivek
authentication (certification)
- and user authentication
- to be verified as part of AWS reports,
which are about to be shared by
LegalDesk
Maryann Open
LegalDesk.com Comments
Artifacts will be shared to show SSH
access