Information Security
Your data's security is our top priority. As an ISO 27001 certified organization, we maintain comprehensive security measures across all aspects of our operations.
Key Highlights
- Dedicated IT Security Team Experienced professionals who live and breathe this stuff.
- ISO 27001 Certified For mission support, digital engagement, and information technology environments.
- Dual Data Centers Redundant facilities in Houston and Austin, Texas, USA.
- Making the Grade Successfully undergoing regular audits by our Fortune 500 clients.
Our Approach
Governance & Compliance
We maintain a comprehensive governance framework to protect your data:
- Mandatory Code of Conduct for all employees outlining data privacy obligations and IT resource usage
- Pre-employment background checks and annual security training for all staff
- Additional specialized training for employees handling sensitive data
- Confidentiality and non-disclosure agreements for all employees and contractors
- Investigation of all security incidents by our Chief Compliance Officer and General Counsel
Headquarters Physical Security (Houston)
Our facility maintains stringent security measures 24/7:
- Proximity card and photo ID access control system
- Continuously locked perimeter doors
- Isolated delivery area separate from critical operations
- Mandatory visitor sign-in and escort policy
- Job function-based access restrictions
- Immediate access revocation upon employee separation
Remote Data Center Security (Austin)
Our CyrusOne facilities provide enterprise-grade protection:
- SSAE 18 Type II and ISO/IEC 27001:2013 certifications
- PCI-DSS compliance with annual third-party audits
- 24/7/365 onsite security guards
- Comprehensive video surveillance
- Man-trap security doors preventing unauthorized access
- Advanced fire monitoring and suppression
- Segregated customer infrastructure
- Redundant facilities in Houston and Austin, Texas
User and Access Management
We implement strict access controls:
- Least privilege principle for all customer information access
- Management authorization required for system access
- Regular privilege reviews by IT Security
- Behavioral analysis monitoring for suspicious activities
- Immediate system access termination upon employee departure
- Enhanced controls for administrative access
Network and System Security
Our multi-layered security approach includes:
- Network perimeter intrusion prevention
- Data-at-rest encryption
- Regular software updates
- Off-site backup systems
- 24/7 security monitoring
- Network zone segregation
- Content filtering for risk reduction
- Encrypted remote access with multi-factor authentication
- Company-managed workstations for remote work
- Advanced email security filtering
- Anomaly detection for data access
- Regular vulnerability scanning
- Annual third-party penetration testing of our uvGO Mission Management Platform
- Comprehensive incident response planning
Business Continuity
Our resilience program ensures continuous operations:
- Structured recovery plans for critical functions
- Regular disaster recovery exercises
- Scenario planning for various disruptions:
- Weather events
- Facility access loss
- Pandemic response
- Cybersecurity incidents