As a leading provider of enterprise consent and preference management solutions, we understand how important it is to protect our customer’s data. Just as we go to great lengths to protect our client's privacy, we do the same to protect their data and provide a high level of system performance and reliability. We protect your data by implementing and following a strict protocol of security and compliance measures.
CompliancePoint’s Data Centers: Our highly secure data centers are hosted at QTS facilities with extensive physical and virtual safeguards in place.
Data Security Certifications and Policies: Our policies and practices are designed to provide our customers with peace of mind for regulatory compliance.
CompliancePoint understands that the confidentiality, integrity, security and availability of our customers' information are vital to their business operations and our own success. We have stringent standards and processes in place to ensure data safety and integrity while maintaining a high-level of performance.
CompliancePoint's services are hosted on dedicated platforms at highly secure data centers. We have a data center in Suwanee, Georgia and another in Irving, Texas (view links for data center specifications and details).
Highlights of the access security measures in place include:
Many of the additional security measures in place at the Suwanee, Georgia and Irving, Texas data centers are proprietary and confidential. To view QTS’s stated security measures, visit their site here. The following provides a high-level description of some of the additional security measures in place.
CompliancePoint's Data Center has CCTV monitored on a 24/7/365 basis and a private security force. There are no personal computers in the data storage area, only servers which are housed in a secure private cage. Any hardware brought into or removed from the data center is tracked and records are kept by Data Center Services (Quality Technology Services, the data center owner) and CompliancePoint's facilities manager.CompliancePoint's data center uses an environmentally-friendly power supply system that incorporates a steady stream of power from the local utility company and back-up power using constant power supply (CPS) and diesel generators. With the CPS system, there is no need for battery-powered UPS units.
CompliancePoint offers SSL for secure HTTP connections between a customer's computer and our servers in the data center. Any data that is sent encrypted remains encrypted. Additionally, intruder detection as well as fire detection and suppression systems are in place. Server, firewall, and critical system logs are reviewed, at a minimum, on a daily basis.
All customer data is stored in secure QTS data centers and is replicated over secure links to a disaster recovery data center. This design provides the ability to rapidly restore application services in the event of an outage or loss of a primary data center.
CompliancePoint's network components and servers use a redundant configuration to help ensure availability. All customer data is backed up daily with incremental backups made hourly. Backups are made to disk and disks are archived monthly off-site by Iron Mountain in their secure facility.
CompliancePoint's Systems Department is charged with securing all network resources, both centralized and decentralized, and has the responsibility and authority to monitor network traffic to confirm that security practices and controls are adhered to and are effective. All security monitoring shall be executed in accordance with CompliancePoint Information Security policies. CompliancePoint maintains certain privacy and security certifications as well as policies `that apply to all information handling processes.
CompliancePoint recognizes that our customers are subject to laws that govern the handling of personal information. We seek to support our customers' compliance with such laws by providing a comprehensive privacy and security program that includes certifications (e.g. PCI DSS), policies, practices, people, and technology. CompliancePoint does not specifically store, process and/or transmit cardholder data as a part of our business transactions but we have chosen to maintain our environment in compliance with PCI DSS.
CompliancePoint’s comprehensive privacy and security program includes communicating with personnel and customers about current issues and best practices.
Upon hiring, each employee undergoes training on CompliancePoint's Information and Data Security policies and must sign a statement that they have received such training. Updates to the Information and Data Security training are conducted as necessary throughout the employee's tenure at CompliancePoint.
CompliancePoint strongly encourages all customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks. CompliancePoint contacts customer administrators about specific security issues when warranted. Additionally, all CompliancePoint personnel are required to follow CompliancePoint's confidentiality, privacy, and information security policies.