At ProCirrus Technologies, network security is a fully integrated and multilayered strategy of system services, managed devices and best practices that combine to ensure the highest levels of client security. ProCirrus undergoes annual SSAE16 Type II SOC1 and SOC2 audits to validate our internal practices and procedures. Additional information is available upon request.
Although we are an important link in the regulatory compliance and client security required by the professional services firm, it is important that ProCirrus clients maintain adequate internal policies in concert with our services.
- Data center access is monitored, tracked and strictly limited through multi-factor authentication.
- Real-time redundant data storage protection from physical device failure.
- Redundant security features including 24/7/365 motion, video and electronic intrusion monitoring.
- Secure and low-profile facilities with on-site support, security and monitoring.
- Redundant UPS systems and 600KW Generator Power Backup to ensure constant power.
- Fire suppression powered by an FM-200 waterless fire suppression system.
- Redundant HVAC environmental cooling systems and internet connectivity.
- 100% of data stored in continental United States on ProCirrus managed equipment.
- Gateway anti-virus, anti-spyware, intrusion detection and prevention with application intelligence controls for real-time network protection against sophisticated attacks.
- ProSave remote backup services utilize up to a 448 Bit encryption key for a military level of data protection.
- OVAL based vulnerability scanning for internal audit and enforcement (OVAL is the security standard endorsed by the US Computer Emergency Readiness Team and Homeland Security).
- SCAP based vulnerability management, measurement, and FDCC, FISMA, and/or DoD 8500.2/8510 policy compliance.
- Lumension's Digital Fingerprint technology to reliably assess and remediate software vulnerabilities.
- Frequent external, 3rd Party auditing including Qualys (the leading provider of IT security risk and compliance management solutions).
- Restrictive Firewall management limiting access to approved transactions only.
- Redundant, high volume, internet service pathways to ensure uninterrupted service from data centers.
- Data center servers, storage, gateway and software redundancy that can sustain multiple unlikely failures without service interruption.
- Best practice system patching to provide ongoing protection from exploitation in near real-time.
- Anti-virus software protects all running processes and applications with real-time threat definition updates.
- All data is protected by real-time, simultaneous and redundant storage, guarding against unlikely multiple drive and array failures.
- Optimized operating systems limit necessary services required to run an application, thus limiting the potential exposure points.
- Dedicated firewall and VPN services to prevent unauthorized system access.
- Least access policies limit access to files, services and applications to authorized users only.
- 128 bit SSL with 2048 bit keys and a certificate authority utilizing SHA1 hashing, which prevents collisions with malicious certs.
- All applications are presented through a secure, encrypted user portal throughout the entire session.
- Dedicated intrusion detection devices provide an additional layer of protection against unauthorized system access.
- Automated data backup including daily recovery points for the most recent seven (7) days and one weekly recovery point for each of the three weeks prior to the seven daily recovery points.
- ProCirrus requires all associates to pass federal and local background checks and execute a comprehensive confidentiality agreement acknowledging the Economic Espionage Act, 18 U.S.C. § 1831 et seq. ("EEA").
- ProCirrus requires all third parties to execute non-disclosure agreements.
- Secure data destruction policies comply with 17 standards including: DoD 5220.22-M; NAVSO P-5239-26 (RLL) & (MFM).
- Server-side configuration settings, which are user-side independent, mandate user security adherence.
- Best practice generation, transmission and storage of system passwords.
- End-user guidance in developing client-side compliance with regulations like GLBA and HIPAA.
- 100% US based user support via Chat, Email, Support Site Tickets and Phone.
- Fully documented SDLC, change management and business continuity and disaster recovery policies.
- Creation of and adherence to best practices as defined by governing bodies and industry leaders.
If you have questions or concerns regarding this security statement, please contact ProCirrus Technologies at email@example.com