Hosted Data Security
Whether using our hosted analytics platform or receiving
valuations data, our goal is to maintain the highest levels of data
security possible. This means adopting a culture of
information security best practice throughout the business to
ensure the three pillars of availability, integrity and
confidentiality are maintained for our clients.
At the heart of StatPro's data security programs are globally
recognised standards that provide the framework for managing client
systems and client data. Keys components of this framework
are:
Information security
committee
- Providing senior management commitment to
overall information security within the company.
- Staff awareness programs making information
security part of everyone's job role.
- Reviewing and updating security policies
and procedures in line with changing requirements or
incidents.
Access control
- User management – creation of unique user
accounts in line with documented procedures.
- Secure access token management and
distribution.
- Segregated client data network with
restricted and logged access from other internal StatPro
networks.
Secure
communications
- Secure SLL encrypted sessions are always
used when transferring sensitive data between StatPro and
clients.
- Web based hosted applications use https
sessions for authentication with unique two factor access
tokens. Application sessions are delivered via encrypted
Citrix ICA streams.
- Our market valuation data delivery system
can support Secure FTP, FTP over SSL and PGP encrypted files for
secure delivery over any transmission protocol including
email.
Physical security
- Restricted access to all data processing
facilities.
- Visitor management process – logged and
auditable.
- Redundant power, cooling and connectivity
in all data centre facilities.
Information security
standards
- London facilities audited to ISO27001
standards.
- Toronto and Montreal facilities SAS70
compliant.
- Ongoing company commitment to the highest
information security standards.
Back
