Security
Networking and Monitoring
- SOC 2 Type II ensures that the necessary security systems and controls are in place and operating effectively
- Certified SOC2 Type II audits are undertaken annually by independent auditors
- Unique VPN profiles maintained to limit access to minimum locations necessary
- All production systems continuously monitored by a system with SMTP and SMS alerting capabilities
- Custom and automated checks performed within the system to monitor specific elements
- Web portal available for DIG staff to perform real-time status checks
- DIG’s system itself monitored externally by a data center NOC to ensure that all systems remain available
Data Availability and Backups
- Data maintained on systems using redundant disk arrays and redundant power supplies
- Systems and data are backed up nightly
- All data is encrypted in transit and at rest
- Backups monitored and verified with monthly restore capability testing
- Backup media is rotated offsite to ensure availability in the event of a physical disaster
- An extensive disaster recovery and business continuity plan ensures minimal down-time in the event of massively disrupting events
Authentication, Authorization, and Auditing
- Maintained via active directory infrastructure or AAA servers withing production infrastructures
- Unique usernames and passwords required. Credentials are regularly updated
- Access limited to least privilege
- Multi-factor authentication protects systems and data assets from unauthorized access
- Audit logs from servers, firewalls, IDS, etc. reviewed daily by IS team
Secure File Transfer
- Data transfers into or out of DIG’s infrastructures use session layer encrypted tunnels via SFTP or HTTPS
- Access to these systems requires unique usernames and passwords
- Optional file-level encryption through in-house or proprietary PKI infrastructures
Physical Security
- Secured Tier-3 facility manned 24/7
- Monitored by external and internal video surveillance
- Perimeter access via card swipe/PIN combination and/or escorted and assisted by a facility engineer
- Interior access to data center controlled via card swipe/PIN combination into a mantrap with final ingress requiring a card/biometric swipe combination
- Each rack secured via lock on front and rear doors
Additional Security Features
- Redundant power with generator backups
- Monitored by external and internal video surveillance
- Multi-vendor, redundant commodity Internet bandwidth
- Redundant cooling
- Fire suppression controlled by pre-action delay dry system with warning and alerting infrastructure