Net Logistics attains ISO 20000 Certification

About Karthick Rajendran


We are happy to announce that Net Logistics has attained ISO 20000 certification for IT Services management. We started preparation for this certification earlier this year and the external audit was conducted on the 22nd of October 2013. This audit was successfully completed and the ISC have certified Net Logistics to be ISO 20000 compliant.

Net Logistics will be listed under ISC, APMG and JAS-ANZ as an ISO 20000 certified organisation.

ISO/IEC 20000 is an international standard that allows organisations to demonstrate excellence and prove best practice in IT service management. The standard allows IT service provider organisations to achieve conformance to a service management system which requires them to continually improve their delivery of IT services. It aligns to the IT infrastructure library (ITIL) best practice framework.

Further information can be found at the following links:

http://www.apmg-international.com/en/qualifications/isoiec20000/iso-iec-20000.aspx

http://cab.jas-anz.org/CABPublic/Pages/CompanyDetails.aspx?CabID=NdbNh2NlQqE=&CoredetailsValue=auyNgDwRGgM=

New Announcement System

Net Logistics makes every effort to avoid service interruptions – we design and deploy all of our systems and services with redundancy as a core feature. When selecting vendors for hardware, networking and software we never skimp on quality to save a few bucks. We have strict procedures in place to minimise any sort of human error and we have numerous systems in place to ensure that once your data is on our servers, it is secure from outside attackers.

Even after all this careful planning, occasionally circumstances conspire to thwart these efforts and regardless of the cause, we understand the need to be transparent with our clients when issues do arise. We need to keep them updated with what is happening and what we are doing to rectify the problem. In doing this, we help to retain the confidence of our clients whilst at the same time minimising load on our support staff. This helps to avoid increased response times on phone calls and support tickets unrelated to the service interruption.

Until now, all service announcements were placed in an “Announcements” subforum at https://forum.netlogistics.com.au. In time, it became apparent that a number of issues existed with this approach, with the most obvious being that the forum is hosted within our own infrastructure and could potentially be unavailable to our clients if we ever suffered some kind of large scale service interruption.

To mitigate the issues we identified with our previous system, we’ve implemented a new Service Status website at http://www.netlogistics.info/

This website provides announcements for any service interruptions across Net Logistics’ infrastructure and is completely independent of all Net Logistics systems and so will not be affected by any outages we may be experiencing. We recommend that all Net Logistics clients bookmark this page.

“Remember Password” and Security Issues

Recently, we added a few new fields to our ticket submission form. This allows the customer to fill all relevant login details when submitting a support ticket, including their account username and password.

  • Please let me take this opportunity to remind you to use the helpdesk when submitting tickets. Try and avoid sending an email to submit a ticket. In the near future, we will be upgrading our helpdesk software, and we will be disabling email communication. There will be email notification, so you will receive the replies via email, but customers will be unable to submit a ticket via email. They will need to log in to the helpdesk interface to submit a ticket. This removes confusion as to whether we have received a ticket or not, and it is also more secure than email as we force the helpdesk to load using SSL.

Back to the topic, you are probably aware of the “Remember Password” feature in most browsers. You would probably also assume that the field name is used to store data in the browser, so that the data is only valid for that particular form, on that particular site. The following may be of interest to developers who deal with multiple forms on a single domain/site.

When we tried to implement similar field types for two separate forms within the same domain, what we found completely surprised us. Most browsers use the text description within the <form> tags to identify each field. This means that if you have two sets of forms, asking for the same type of data by text description, for example username and password, then the browser will attempt to autofill all forms under that domain with the data that may have been saved for another form. Most browsers completely ignore the fact that the field name/id is completely different in both forms.

Why is this relevant/important? Let’s say you have a billing system which allows the user to log in and check their invoices. At the same time, you have an option for that user to sign up for a new service and you ask for that user to provide a username and password for their new account. Most browsers will fill the username and password fields with irrelevant data even though the HTML names of those fields are different to those in the login form. Not only is the data irrelevant, but it can certainly become a security issue if the multiple forms on a site are designed incorrectly.

There is a workaround though. It is possible to tell the browser not to allow the “remember password” feature on certain forms. To achieve this, simply add the following code to the opening form tag:

autocomplete='off'


This, however, is only an official standard for HTML5, although from our testing most browsers will co-operate regardless of the document type. This technique can also be used to stop the browser from saving sensitive information such as credit card numbers.
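As an added example (not code from the original post), the Python audit below uses the standard library's HTML parser to list password and card fields whose effective autocomplete setting is not 'off', taking into account that an attribute on an input overrides the one on its form. The sample page, its form ids and field names, and the NAME_HINTS heuristic are constructed assumptions.

```python
from html.parser import HTMLParser

SAMPLE_PAGE = """<!-- constructed sample: the login and sign-up forms described above -->
<form id="billing-login" action="/login" method="post">
  Username <input type="text" name="login_user">
  Password <input type="password" name="login_pass">
</form>
<form id="new-service" action="/signup" method="post" autocomplete='off'>
  Username <input type="text" name="svc_user">
  Password <input type="password" name="svc_pass">
  Card number <input type="text" name="card_number" autocomplete="on">
</form>
"""

NAME_HINTS = ("card", "cvv")  # assumption: how this site names card fields

class AutocompleteAudit(HTMLParser):
    """Collect sensitive inputs the browser is still allowed to remember."""
    def __init__(self):
        super().__init__()
        self.form_id = self.form_setting = None
        self.findings = []  # (form id, field name) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_id = a.get("id", "(no id)")
            self.form_setting = (a.get("autocomplete") or "").lower() or None
        elif tag == "input":
            name = a.get("name") or ""
            sensitive = (a.get("type") or "").lower() == "password" or any(
                hint in name.lower() for hint in NAME_HINTS)
            # An input's own attribute overrides the value set on its form.
            effective = (a.get("autocomplete") or "").lower() or self.form_setting
            if sensitive and effective != "off":
                self.findings.append((self.form_id, name))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_id = self.form_setting = None

def audit(html):
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(audit(SAMPLE_PAGE))
```

Current browsers may ignore autocomplete="off" on login fields when a password manager is active, so an empty report shows the markup is set as intended, not that nothing will be stored.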

On the client end, it is never a good idea to save passwords into a browser anyway. The data is not encrypted and can be easily viewed by anyone that has access to the browser. Instead, use tools such as KeePass (Open Source) or 1Password (Commercial) to store sensitive information such as login details.