Data & Information Security

Customers across many different verticals, from aerospace to manufacturing, trust Assent with their data. Assent relies on industry best practices, robust security infrastructures and comprehensive policies built on the ISO 27001 framework to protect its information and data, along with that of its clients and partners.

Our internet communications are encrypted via HTTPS, SFTP and TLS, and customer data is secured using standard database encryption.

Assent is SOC 2 compliant and has a SOC 2 Type II report available upon request.

We use a third-party, Tier III data centre to host data at a facility that employs a two-stage biometric authentication process, video monitoring and an individually-locked cage.

APPLICATION SECURITY

Encryption:

  • Data in Transit: Internet communications are encrypted via Secure Hypertext Transfer Protocol (HTTPS), Secure File Transfer Protocol (SFTP) and Transport Layer Security (TLS).
  • Data at Rest: Customer data is secured using standard database encryption.

    Separate Environments (DEV, QA, Staging, UAT, PROD): Development, testing and staging environments are separated from the production environment, both physically and logically.

    Data Segregation: All data provided by a customer is segregated

    PHYSICAL & CLOUD SECURITY


    Data Center Security: Assent uses a third-party, Tier III data center with its own SOC 2 Type II certification to host its servers. The facility employs a two-stage biometric authentication process, video-monitoring and an individually-locked cage. Additionally, the facility has redundant power, cooling and internet access.

    AWS Security: Assent leverages AWS (Amazon Web Services) for select services. AWS security is backed by numerous certifications, including SOC 2 and ISO 27001.

    NETWORK SECURITY


    Intrusion Detection and Prevention: Network Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are in place at application ingress and egress points to detect, prevent and mitigate potential security events.

    Network Data Loss Prevention: Customer data is fingerprinted when received via Assent’s SFTP, then tracked using our Network Data Loss Prevention solution.

    Architecture: Assent’s network architecture follows high availability and topology practices to ensure customer data is isolated from edge network traffic.

    Network Vulnerability Scanning: Assent performs regular, in-depth vulnerability scans to monitor network and endpoint security.

    Security Incident Event Management (SIEM): A SIEM solution monitors, analyzes and alerts the security team to potential security events.

    Network Access: Access to the Assent network is restricted to authorized users and devices.

    OPERATIONAL SECURITY


    Security Incident Response: Assent has a documented incident response plan that covers all aspects of an incident, from detection to post-incident analysis.

    Disaster Recovery: Assent has a disaster recovery plan designed to ensure minimal disruption in the event of a disaster. The production environment, including customer data, is replicated to a secondary site that is available if the primary site goes offline. The disaster recovery plan is tested annually.

    Change Management: Production changes are subject to documented testing, validation and approval.

    Two-Factor Authentication: Two-factor authentication is used for administration of the production environment and for remote access to the Assent network.

    Backups: Full backups are performed weekly, while log and differential backups are performed hourly.

    Monitoring: All systems are monitored 24/7 for performance and capacity.


    Server Protection:

  • Patching and Maintenance: System security patches are applied monthly.
  • Anti-Malware: All servers are protected using endpoint protection software.

    User Workstation Protection:

  • Full Disk Encryption: All Assent-owned mobile devices, including phones or laptops, are encrypted.
  • Anti-Malware: All workstations are protected using endpoint protection software.
  • Central Management: All workstations are centrally managed for patching and configuration.

    SECURITY COMPLIANCE


    SOC 2: Assent has a SOC 2 Type II report, available upon request.

    ITAR Compliant Offering: Assent has an available ITAR-compliant Assent Compliance Platform environment hosted in the AWS GovCloud. Account executives are able to provide more information.

    Dedicated Security Team: All members of Assent’s security team hold ISC2 certifications.

    Policies: Assent has a comprehensive set of security policies, based on the ISO 27001 framework, which are reviewed annually. These policies are made available to all employees and contractors with access to Assent information assets.

    Background Checks: Assent performs background and criminal reference checks on all new employees.

    Confidentiality Agreements: All new employees are required to sign confidentiality agreements.

    If you have any questions or would like to know more about our data and information security policies and procedures, please contact us at info@assentcompliance.com.

    © 2018 Assent Compliance Inc.