Secure Data Center Hosting
- All StormSource systems are hosted in high security Rackspace Cloud data center facilities or similar tier 1 high security infrastructure providers, utilizing cloud server infrastructure.
- Unless indicated otherwise by separate written agreement, all enterprise accounts are hosted in facilities within the United States.
- StormSource employees do not have physical access to the data hardware and infrastructure.
Physical Security - Facilities
- Video monitoring of entrances and common areas 24x7
- Only Level-3 Technicians permitted access to controlled areas
- Technicians subject to dual-biometric authentication process
- Extensive background checks conducted on each employee
- Public access expressly forbidden
System Security - Protecting Electronic Data
- Information restricted to authorized users via systems and policies
- Access to sensitive information, like account data and billing information, is only available to those whose job responsibilities require access
- User names and other private data tightly protected with access controls
- Daily backups on data centers securely stored in geographically separate locations
- Each time the system is accessed, the entry is recorded and tracked
- Carrier-grade equipment from providers like Cisco, Dell, HP, and others
Power Continuity - Operating in the Event of a Power Outage
- Uninterrupted Power Supply (UPS) with N+1 redundancy and immediate failover, plus an onsite diesel generator
- Rackspace is first in line for private sector power restoration after major outages
- In the event of equipment failure, there are dual power paths and multiple network paths with multiple service providers
- Fire suppression system prevents fires from spreading to other areas
- All cables secured with cable racks suspended from ceilings to prevent accidental damage
- Redundant Internet Connections
- To provide multiple redundancies in the flow of information to and from data centers, Rackspace partners with nine network providers.
- Only fully redundant, enterprise-class routing equipment is used in Rackspace data centers.
- Fiber carriers enter data centers at disparate points to guard against service failure.
- In partnership with its data center resources, StormSource provides a secure network infrastructure in order to protect the integrity of your data and mitigate risk of a security incident.
- StormSource employees may be required to access personally identifiable data in order to do their jobs (i.e. support personnel). All such employees are limited in number, and are committed to StormSource privacy policies.
- All StormSource employees reside in United States and execute non-disclosure agreements, which provide explicit confidentiality protections. Any employee who violates StormSource privacy and/or security policies is subject to possible termination and civil and/or criminal prosecution.
- All StormSource employees are fully screened prior to employment, including standard criminal background checks, references, and credit checks.
- Upon termination of employment from StormSource, all access to StormSource systems, client data and customer data is immediately terminated via the lockout/change of system logins and passwords.
128-bit Secure Socket Layer Data Encryption
- All employee and customer/end-user (if applicable) access to the Appointment-Plus system utilizes SSL encryption. All data are encrypted with 128-bit SSL.
Complete Audit Trail
- StormSource continuously maintains a complete audit trail for all server and database access.
Testing and Maintenance
- StormSource systems are continuously tested, improved and maintained.
- Process management is governed by industry best practices. StormSource subjects all of its processes and procedures to regular third-party audits as part of its commitment to quality.
- StormSource technical staff receives automatic email/SMS alerts for any unusual activity or server outages.
- Dependable access to the StormSource system and your data is essential to your business. StormSource has served mission-critical client needs for over a decade, including providing online solutions to some of the world’s largest and most demanding organizations.
- Client level access to export all data via Excel and web services (if applicable).
- Historical uptime better than 99.9% across the entire StormSource system.
Security Incident Response
- StormSource maintains a data Security Incident Response Plan (SIRP).
- The StormSource SIRP designates Security Incident Response Team to deal with potential data security incidents.
- The StormSource SIRP requires notification to affected StormSource customer accounts in a commercially reasonable time frame in the event of a Security Incident that:
- Involves unencrypted personal information;
- Involves a material breach of data;
- Does not put other StormSource system data at risk of breach; and
- Is not the subject of a criminal investigation or order of competent jurisdiction barring customer account notification.