Information and Data Security Compliance Statement
Printer friendly version
Article # 745
The following is E Street’s corporate statement regarding our data security program, and procedures in our ever-evolving commitment to information security and compliance programs. For PCI DSS See: kb.estreet.com/article.lasso?article=663
E Street infrastructure is enabled within our privately owned Tier III Data Center facility composed of multiple active power and cooling distribution paths, emergency backup power generator, with individual component redundancies, providing historical uptimes of over 99.999% availability. Our facility employs industry best-practices, including badge challenge/response access entry systems. Cameras and motion sensing equipment monitor these locations 24 hours a day, 365 days a year. Only authorized personnel are allowed inside the E Street facilities and all accesses are recorded.
SSL Data Encryption
E Street uses Secure Socket Layer (SSL) technology with (AES-256) 256-bit high-grade encryption in our development processes and makes the technology available for our network customers, for mutual authentication, data encryption and data integrity. SSL utilizes a protocol to create a uniquely encrypted channel for private communications over the public Internet. Each SSL "Certificate" consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decipher it via supported applications such as web browsers, VPN’s, and Email client software etc. SSL is the industry standard security protocol to encode sensitive information, such as credit card numbers and personal information passed via the public Internet.
Local Data, Physical Redundancy and Offsite Backups
E Street core customer data and select application data is backed up locally to different redundant backup servers nightly. We maintain redundant web and database servers, fully configured with all software and data, so the in the event of a failure back up data can be made available. E Street customer data is also backed up to onsite and offsite secure locations. In addition E Street backup solutions are an available offering for our managed server, Tech Services and colocation customers. Each E Street backup storage is enabled with its own (AES-256) 256-bit high-grade encryption to ensure valuable customer data is always secure. Our on and offsite backup locations boast high-quality redundancy accessible over enterprise level connections between our storage locations.
Access and Event Monitoring
E Street maintains and regularly reviews, a real-time and long-term event and login access monitoring system. These systems help us meet host-based event management objectives to assist with adherence to the demands of regulatory compliance requirements such as CPNI, HIPAA, and PCI.
Ongoing Periodic Security Vulnerability Scans
E Street conducts daily security vulnerability scanning of key network resources, to identify potential security holes. Internal scanning identifies vulnerabilities in real-time, categorizes the detected risks, and provides recommendations and solutions for improvement.
Employee Integrity and Access Restrictions
E Street employees are required to review, understand, and sign confidentiality agreements that require them to maintain the strict confidentiality and security of client data. Access to confidential information is restricted to authorized personnel only. E Street employees do not have direct access to the production equipment, except when necessary for system management, maintenance, monitoring, technical support at the customer’s request, and enabling backups.
Data Security Compliance Statement
E Street products and services meet the physical and technical standards, and provide all necessary controls for our customers to maintain their administrative security compliance standards. Specifically, E Street agrees to assist with: Implementing administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected financial information that it creates, receives, maintains, or transmits on behalf of our customers. E Street implements reasonable and appropriate safeguards to protect our customers’ core business, financial and personal information. Furthermore, E Street agrees to report to our customers and applicable law enforcement agencies, any verified incidences of security breaches of data into the wild and will authorize and assist with the investigation of any customers in the case of any material breach of this compliance statement.
Article # 745