SECURE AND RELIABLE HOSTED SOLUTION
We host the AutoAlert® Application and our customers’ data at Amazon Web Services (AWS). We use managed services within the data center and have comprehensive service level agreements to provide the utmost security and reliability to our customers. We secure the data with enterprise-level firewalls and data encryption, and we use IP restrictions to further secure access to the application and data.
ISO/IEC 27001:2013 CERTIFICATION
AutoAlert maintains the ISO/IEC 27001:2013 certification. This certification is evidence that AutoAlert has met rigorous international standards in ensuring the confidentiality, integrity, and availability of AutoAlert applications hosted in a cloud environment, together with the development, engineering, IT and other activities that support the applications.
SOC 2 TYPE II ACCREDITED
AutoAlert maintains the SOC 2 Type II accreditation. We are the only company in our market to achieve this critical accreditation. SOC 2 Type II is an external audit regularly conducted to verify the continuous effectiveness of our security controls. Our SOC 2 Type II accreditation is one of many achievements that clearly demonstrate AutoAlert’s dedication to our customers’ privacy.
DATA CENTER SECURITY
Below are measures taken by AutoAlert and our contracted data center to ensure the maximum level of client service and security:
- Physical access to the data center is tightly controlled through multi-zoned, multi-level access controls that monitor staff with video surveillance 24×7.
- Access to critical areas is controlled by company-issued photo ID, proximity and PIN card system.
- Multiple layers of traffic filtering, intrusion detection systems and anti-virus protection are in place.
- A third-party security firm is employed to provide 24×7 security monitoring, security auditing and event analysis.
- Dual, simultaneous power paths are allocated to critical IT equipment. Separate UPS systems are in place to sustain a full power load and diesel generators provide replacement power in the event that utility power is lost.
The AutoAlert® application incorporates rich security features to ensure the security and privacy of our customers’ information.
Role-Based Access – Allows control of who can see, edit, export or delete data based on the user’s role.
Security Policies – Password policies, failed login attempts, IP address range blocking, session timeouts and user activity are audited and logged.
Account Management and Auditing – User management tools to make it easy to oversee all user accounts and generate reports on all user activities.
Data Encryption – All web traffic is encrypted using RSA 2048-bit SSL encryption. Passwords stored on our servers are encrypted by strong hash algorithms.
DATA SECURITY POLICIES AND PROCEDURES
AutoAlert has implemented strict IT policies and best practices to protect and secure data.
Access Control Policies – Only employees with the highest clearance have access to AutoAlert’s customer data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only those employees who need such access to provide support and troubleshooting on a customer’s behalf.
Authentication and Encryption – Access to customer data is protected with strong passwords, file permissions, file encryption and properly configured firewalls. All data transported over wireless or public IP networks is encrypted.
Audit Policies – AutoAlert has implemented strict auditing processes to log and monitor access to customer data.
Data Protection – AutoAlert has implemented best practice firewall configurations, virus protection and intrusion detection policies to protect against viruses, trojans, spyware and other malicious software and attacks.
Disaster Recovery Plan – A comprehensive disaster plan is in place to ensure business continuity and to prevent data loss.
Physical Security – Policies and measures exist to physically protect data, including locked data rooms and storage, and workstation access restrictions. We also have strict policies regarding disposing of electronic equipment, hard disks or other media containing data, as well as maintaining an accurate inventory of all hardware components.
Employee Policies – Due diligence is performed in the hiring of all employees and contractors who will have access to data, including reference checks, background investigations, and signed confidentiality agreements. All employees who have access to data also undergo training to ensure compliance with all IT policies.
General Data Protection Regulation (“GDPR”) Compliance – AutoAlert business activities and data protection practices, as a data processor within the European Union, are conducted in compliance with GDPR.