Physical Security
- All entrances/exits require badge access and are digitally recorded
- 24/7 surveillance system utilizes cameras and motion sensors
- 24/7 monitoring of alarms by professional response team
- Badge access permissions follow rule of least privilege
Personnel Security
- Comprehensive background checks for all new hires
- All employees sign NDA protecting client confidentiality
- Continual IT security awareness training
Data Transfer and Storage Security
- Encrypted client connections via VPN, Citrix, and/or SFTP for all data transfers
- Data Isolation – stored independently to ensure privacy and confidentiality
- Data Classification – increasing security measures applied to more sensitive data
- Data access controls follow the rule of least privilege
- DoD Standard 5220.22-M is followed for the destruction of all old media
- All data encrypted at rest
Network Security
- Enterprise-level secure gateway
- Real-time network health monitoring
- Regular internal and external vulnerability assessments and penetration tests
- Standardized patch management process for all network devices
- Enterprise-level endpoint protection
Compliance
- Annual SOC 1 & 2, Types 1 & 2 certification by a third-party firm
- Internal development follows a formal change control management process
- Incident response team to identify, contain, and recover from events
- Risk Management – ongoing process to analyze, assess, remediate, and report on risks
- Actively tested business continuity procedures to handle short- or long-term disruptions