Data Center Certifications
Eliminate the Cybersecurity Blind Spot
At Securus360, we are committed to earning the trust of our customers by safeguarding data and conforming to industry standards for security and privacy.
The MXDR Platform is certified for broad set of international and industry specific compliance standards including ISO 27001, ISO 20000 and SSAE 18 SOC 2 for design and implementation effectiveness of the controls. The design and implementation effectiveness of these controls is verified through rigorous independent audits and assurance.
The security model covers physical, network, operational, organizational, and application security requirements.
Physical Security
Platform assets are hosted in data centers as well as a secure cloud infrastructure. The data centers comply with relevant industry standards (ISO 27001 and SSAE 18 SOC 2) for physical security and availability.
Availability and Access
The business continuity program ensures consistent service uptime across all hosted environments. Disaster recovery infrastructure is located both on the premises and the cloud. Access is regularly reviewed to ensure security of the production assets.
Scheduled Data Backups
The platform utilizes geo-redundant storage for backing up data from the 24/7 production servers.
Network Operations, Security, and Protection
The network infrastructure securely controls inbound and outbound network traffic using the most effective network security procedures available, including firewall architecture, VLAN segmentation, VPN access and SSL encryption among others.
Update Management
We have ongoing processes in place to manage the installation and distribution of security updates for OS, web applications, databases and libraries. We utilize a blend of manual testing and third party tools to determine the network security posture and apply patches for all critical identified vulnerabilities.
Monitoring and Logging
All critical network devices are centrally monitored through our advanced MXDR platform to provide continuous visibility and timely alerts on unauthorized access and login failures.
Red Teaming Exercises for Security Hygiene
Regular vulnerability assessments and penetration testing exercises are conducted. Such assessments are done on all internal and public facing IPs utilizing both manual and tool-based testing.
Organizational Security and Information Security Management
We address information security management with a triad approach. A focus on processes, people, and technology delivers optimized solutions to customers. Our comprehensive ISMS Framework encompasses policies and procedures to systematically manage sensitive, restricted and confidential internal and customer data.
Data Privacy
We do not collect or process any personal information without explicit permission from our customers. We ensure customers understand what data is collected as well as how and why it is used. Any privacy data is protected by additional security controls that our customers are mandated to follow.
Talk to the Securus360 Team
The Cyber Protection of Your School District Starts With Securus360. Request a Demo Today!
Data Center Certifications
2FA
NIST 800-171
Certified Ethical Hacker
ISO 27001
Elastic Certified Engineer
NSA-CAE Defense Certified
CompTIA Security+
Offensive Security Certified
Data Center Certifications & What They Mean:
ISO 27001- The ISO 27001 is a specification for an information security management system (ISMS) creating a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes. To be certified, you have to meet all of the defined requirements showing that you have adequate security built in including physical protection of your data center preventing people from wondering in there.
ISO 20000- ISO/IEC 20000 is the international standard specifically for IT Service Management. It describes an integrated set of management processes which form a service management system for the effective delivery of services to the business and its customers. This is important for IT Service Provider to show the customers that their services follow key processes that are clearly defined and proven to be effective.
SSAE 18 SOC 2- SSAE 18 defines these vendors as “sub-service organizations” and requires them to undergo the same risk assessment to evaluate their organizational controls before the original service provider can receive an SOC attesting that they have the proper systems in place for managing risk. Put simply, it ensures that when someone enters into a relationship with a service provider of any kind, they can trust that any vendors the service provider works with meet the same compliance standards.
