This framework includes policies and controls for the following common security concerns:

Physical Security
  • All entrances/exits require badge access, and every badge event is digitally recorded
  • 24/7 surveillance system using cameras and motion sensors
  • 24/7 alarm monitoring by a professional response team
  • Badge access permissions follow the principle of least privilege
Personnel Security
  • Comprehensive background checks for all new hires
  • All employees sign an NDA protecting client confidentiality
  • Ongoing IT security awareness training
Data Transfer and Storage Security
  • Encrypted client connections (VPN, Citrix and/or SFTP) for all data transfers
  • Data isolation: each client's data is stored independently to preserve privacy and confidentiality
  • Data classification: progressively stronger security measures are applied as data sensitivity increases
  • Data access controls follow the principle of least privilege
  • Retired media are sanitized following DoD 5220.22-M (the multi-pass overwrite method; note that NIST SP 800-88 is the current reference for media sanitization, and overwriting alone is not considered sufficient for flash/SSD storage, which should be cryptographically erased or physically destroyed)
Network Security
  • Enterprise-grade secure gateway
  • Real-time network health monitoring
  • Regular internal and external vulnerability assessments and penetration tests
  • Standardized patch management process covering all network devices
  • Enterprise-grade endpoint protection
Compliance
  • Annual SSAE 16 (SOC 1) Type II attestation report issued by an independent third-party audit firm (SSAE 16 is an attestation standard, not a certification, and has since been superseded by SSAE 18)
  • Internal development follows a formal change control management process
  • Incident response team to identify, contain and recover from security events
  • Risk management: an ongoing process to analyze, assess, remediate and report on risks
  • Actively tested business continuity procedures to handle short- or long-term disruptions