Trust Center
Infrastructure Security
Unique account authentication enforced
Production application access restricted
Access control procedures established
Production database access restricted
Firewall access restricted
Production OS access restricted
Production network access restricted
Access revoked upon termination
Unique network system authentication enforced
Remote access encrypted enforced
Intrusion detection system utilized
Network segmentation implemented
Network firewalls reviewed
Network firewalls utilized
Network and system hardening standards maintained
Service infrastructure maintained
Organizational Security
Asset disposal procedures utilized
Portable media encrypted
Anti-malware technology utilized
Employee background checks performed
Code of Conduct acknowledged by contractors
Code of Conduct acknowledged by employees and enforced
Confidentiality Agreement acknowledged by contractors
Confidentiality Agreement acknowledged by employees
Performance evaluations conducted
Password policy enforced
Visitor procedures enforced
Product Security
Control self-assessments conducted
Penetration testing performed
Data transmission encrypted
Vulnerability and system monitoring procedures established
- vulnerability management;
- system monitoring.
Internal Security Features
Continuity and Disaster Recovery plans established
Continuity and disaster recovery plans tested
Cybersecurity insurance maintained
Configuration management system established
Development lifecycle established
Board oversight briefings conducted
Board charter documented
Board expertise developed
Board meetings conducted
Backup processes established
System changes externally communicated
Management roles and responsibilities defined
Organization structure documented
Roles and responsibilities specified
Security policies established and reviewed
Support system available
System changes communicated
Access requests required
Incident response plan tested
Incident response policies established
Incident management procedures followed
Physical access processes established
Data center access reviewed
Company commitments externally communicated
External support resources available
Service description communicated
Risk assessment objectives specified
Risks assessments performed
Risk management program established
Third-party agreements established
Vulnerabilities scanned and remediated
Data and privacy
Customer data deleted upon leaving
Data classification policy established