ProCirrus Security

At ProCirrus Technologies, security is a fully integrated and multilayered strategy of system services, managed devices and best practices that combine to ensure the highest levels of client security. ProCirrus undergoes annual SSAE16 Type II SOC1 and SOC2 audits to validate our internal practices and procedures. Additional information is available upon request.

Although we are an important link in the regulatory compliance and client security required by the professional services firm, it is important that ProCirrus clients maintain adequate internal policies in concert with our services.

SOC_ProCirrus_2016-2017.gif
Some cloud providers improperly market the AICPA Seal earned by their collocation partners to infer their own compliance. As you review cloud hosting partners, be sure to confirm that the provider actually undergoes adequate third party audits.

Security highlights

Physical Security

  • Data centers' access is monitored, tracked and strictly limited through 2-factor bio metric authentication (finger print and iris scan)

  • Redundant security features including 24/7/365 motion, video and electronic intrusion monitoring.

  • The Closed circuit video cameras cover the interior and exterior of the building

  • Secure and low-profile facilities with Security fence surrounds perimeter of property

  • Armed Security guards on-site 24x7x365 with Active patrol both inside and outside facility       

  • Redundant UPS systems and Generator Power Backup to ensure constant power.
  • Power: Electrical redundancy is achieved via two (2) feeds from separate substations that power three (3) on-site 40MVA transformers

  • Power: All power cabling below floors is installed in either conduit or seal tight flexible conduit with approved connectors to all equipment

  • Fire Suppression, powered by Waterless Fire Suppression System.
  • Cooling: N+1 configuration for chiller, pumps and cooling towers

  • Cooling: Over 600 CRAH units (30-ton and 70-ton), provide air flow to raised floor space

  • 100% of data stored in continental United States on ProCirrus managed equipment.

Network security

  • Gateway anti-virus, anti-spyware, intrusion detection and prevention with application intelligence controls for real-time network protection against sophisticated attacks.

  • Remote backup services utilize up to a 448 Bit encryption key for a military level of data protection.

  • OVAL based vulnerability scanning for internal audit and enforcement-(OVAL is the security standard endorsed by the US Computer Emergency Readiness Team and Homeland Security).

  • SCAP based vulnerability management, measurement, and FDCC, FISMA, and/or DoD 8500.2/8510 policy compliance.

  • Lumension's Digital Fingerprint technology to reliably assess and remediate software vulnerabilities.

  • Daily third party intrusion testing and remediation

  • Restrictive Firewall management limiting access to approved transactions only.

  • Redundant, high volume, internet service pathways to ensure uninterrupted service from data centers

  • Data center servers, storage, gateway and software redundancy that can sustain multiple unlikely failures without service interruption

System security

  • Best practice system patching to provide ongoing protection from exploitation in near real-time

  • Next-Generation Anti-virus + EDR protects all running processes and applications with advanced predictive models to analyze complete endpoint data and uncover malicious behavior to stop all types of attacks before they compromise your system (malware, advanced malware, non-malware attacks and ransomware.)

  • All data is protected by real-time, simultaneous and redundant storage- guarding against unlikely multiple drive and array failures.

  •  Optimized operating systems limit necessary services required to run an application, thus limiting the potential exposure points.

  • Dedicated firewall and VPN services to prevent unauthorized system access.

  • Least access policies limit access to files, services and applications to authorized users only

  • Extended Validation Certs that utilize AES SHA256 bit SSL encryption with RSA 2048 Keys

  • All applications are presented through a secure, 256 bit encrypted user portal throughout entire session

  • Dedicated intrusion detection devices provide an additional layer of protection against unauthorized system access.

Operational security

  • Automated data backup including daily recovery points for the most recent seven (7) days and one weekly recovery point for each of the three weeks prior to the seven daily recovery points.
  • ProCirrus requires all associates to pass federal and local background checks and execute a comprehensive confidentiality agreement acknowledging the Economic Espionage Act, 18 U.S.C. § 1831 et seq. ("EEA")
  • ProCirrus requires all third parties to execute non-disclosure agreements
  • Secure data destruction policies comply with 17 standards including: DoD 5220.22-M; NAVSO P-5239-26 (RLL) & (MFM).
  • Server-side configuration settings which are user-side independent, mandate user security adherence.
  • Best practice generation, transmission and storage of system passwords.
  • End-user guidance in developing client-side compliance with regulations like GLBA and HIPAA.
  • 100% US based user support via Chat, Email, Support Site Tickets and Phone.
  • Fully documented SDLC, change management and business continuity and disaster recovery policies.
  • Creation of and adherence to best practices as defined by governing bodies and industry leaders.
  • Real-time redundant data storage protection from physical device failure

  • 100% of data stored in continental United States on ProCirrus equipment.

     

If you have questions or concerns regarding this security statement, please contact ProCirrus Technologies at info@procirrus.com

PoliciesDan Shelton