Â鶹¹û¶³

We Obsess Over Data Protection

Protection of customer information is a crucial element of our business model. It is integrated into our culture in the form of policy and procedure formalizations and supporting controls. We architect our product/service delivery environment and support systems using secure cloud-computing models. To ensure our secure architecture operates according to performance and security specifications, we have implemented an Information Security Program using the ISO/IEC 27001/27002 and AICPA¡¯s Trust Services Principles as our security frameworks.

How We Protect Your Data

To achieve our commitment to our security and privacy principles, Â鶹¹û¶³ has implemented the following:

• We continuously review our security & privacy measures to ensure any customer data we collect and process on our systems is adequately protected.
• We train our employees on security and privacy practices (1) upon hire, (2) continuously during their employment, and (3) annually.
• Our third-party vendor contracts contain terms to ensure the vendors processing customer data have adequate data protection and privacy controls.
• We have integrated our security & privacy controls into our organizational standard operating procedures.
• We use our own Managed Detection and Response solution for detecting and responding to threats within our environment. We use our Managed Risk solution to determine end-point vulnerabilities and manage and prioritize patching to reduce cyber-risk exposure.
• Our comprehensive organization wide Information Security Management program takes a risk-based approach to implementing defense-in-depth security controls. Some of the key security
controls include:
• Maintenance of Information Security Policies
• Background checks for Â鶹¹û¶³ employees to the extent permitted by law
• Mandatory new hire, continuous and annual security awareness training
• Vendor security & privacy risk management processes
• Information classification, handling, & retention processes
• Use of Â鶹¹û¶³¡¯s Managed Detection and Response and Managed Risk solutions in its own environments
• Limiting access to customer data based on least privilege principles
• Ongoing management of workers¡¯ access to customer data
• Endpoint Protection for Â鶹¹û¶³ managed devices
• Network Security
• Change management processes
• Patch Management for End Points
• Secure Software Development Lifecycle processes
• Business Continuity and Disaster Recovery processes
• Information Security Incident Response processes