Security

Security, Maintenance and Availability

PensionPro Software strives to maintain its production service environment in a state that is secure, up to date, and highly available. To achieve this goal, we have invested significant time and resources in both equipment and support services. The following document outlines our structure and practices with regard to our environment, data, and services.

Patch Management:
Patching of server operating systems in the production environment is performed monthly, generally within our server maintenance window on Sundays between the hours of 00:00 and 06:00 EST.

Emergency patches will be applied as needed and determined on an individual basis. We take the security of our servers very seriously and utilize professional services and consulting from our hosting partner as well as our in-house team.

Server Maintenance:
All server maintenance that will cause an outage or downtime will occur during the scheduled maintenance window for the production environment.  This window is every Sunday from 00:00 to 06:00 EST. 

Any maintenance outside of this window will be performed only in the case of an emergency where the service cannot wait until the regularly scheduled window.

Information Security:
This Policy is intended to: (a) safeguard information against unauthorized access; (b) balance the need for business efficiency with the need to safeguard information; (c) protect the confidentiality, integrity, and availability of our information systems.

The Chief Technology Officer and Systems Administrator have been designated as our Data Security Coordinators.  The Data Security Coordinators are responsible for:

  • Maintaining this Policy, including regular monitoring to ensure that the Policy is operating in a reasonable manner to prevent unauthorized access to or unauthorized use of information; and upgrading information safeguards as necessary to limit risks of unauthorized access or use of such information;
  • Reviewing the scope of this Policy at least annually, or whenever there is an incident involving a breach of information security, or a material change in our business practices that may reasonably implicate the security or integrity of records containing Protected Information;
  • Updating management as necessary about data protection responsibilities, risks, and issues;
  • Arranging for data protection training for the individuals identified for such training by this Policy, and for at least annual updates of such training for each such individual;
  • Distributing a copy of this Policy to each current employee and to each new employee on the beginning date of their employment;
  • Answering inquiries from employees and others regarding our data security practices;
  • Approving written requests for exceptions to this Policy to meet specific business needs and situations and periodically reviewing all exceptions;
  • Reviewing and approving any contracts or agreements with third parties that might require disclosure of information, and evaluating the ability of third-party service providers to implement and maintain appropriate security measures consistent with this Policy; and
  • Documenting responsive actions taken in connection with any incident involving a breach of information security, and undertaking and documenting a post-incident review of events and actions taken, if any, to make changes in business practices relating to protection of Protected Information.

PensionPro utilizes three forms of encryption to protect information during transport and storage. For data at rest, sensitive information such as passwords is stored in an encrypted format in the database so that it is not useful on its own and can only be read with the encryption key from the service layer.

For data in transport, encryption is applied at two points. The first is message-level security, in which the web service encrypts the messages that it is preparing to send to clients. After that, the message is sent over the internet to the client with transport layer encryption using a 128-bit SSL certificate. At no time is a message available in clear text.

Training:
PensionPro will provide training to all employees on data security best practices. Employees whose job responsibilities require that they have access to client information, sensitive data, or personally identifiable information will receive additional training to help them understand their responsibilities when handling such information.

Security Incident:
In the event of a Security Incident, PensionPro will notify our customers as soon as possible but in no event later than 48 hours from the identification by us or notification of such incident from our hosting provider.

Vulnerability Testing:
PensionPro performs vulnerability testing of our production IP addresses at a minimum of 2 times per year. All public-facing IP addresses are scanned by a respected third-party testing tool to ensure that they are protected against all known threats.

Internal Controls:
Having an environment that is secure from the outside is only part of our security approach. To address internal security and staff controls, we have devised an environment where access to the production systems is only available to a restricted group composed of three employees: Bill Renninger, Darren Conner, and Victor Ferris. Each of these employees acts as a steward of access to production information. No employee on the engineering or support staff is able to directly manipulate the production servers without using our applications. All development is performed using separate databases and services. Promotion of changes to the production environment is performed by the restricted group only. There is no physical access to the production equipment by any employee of PensionPro Software, as it resides in a datacenter controlled and owned by a third-party hosting partner. That hosting partner has physical and virtual access to the equipment and provides an SOC I Type II to demonstrate their compliance with control standards.

High Availability:
At PensionPro Software we strive to maintain 100% availability of our systems and software. Our hosted production environment was designed to give hardware and software redundancy at all layers of the system. The datacenter provides physical access security plus redundant power, cooling, and internet access. The hardware used for our services includes redundancy for firewalls, load balancers, physical servers, and disks. In the event of a failure of any piece of hardware, there is another device ready to take on the tasks of the failed device. In addition to hardware redundancy, we have created redundancy in our virtual machines so that no one virtual machine is depended upon to keep our core services running. There are multiple web servers and a database cluster, so that any failure of an individual virtual machine will result in its tasks being performed by another member of its availability group. Finally, all data is stored on a SAN array, ensuring that data is striped and mirrored over a large collection of disks so that it is capable of withstanding multiple simultaneous drive failures without degradation of service.

System Monitoring:
System monitoring is performed at three levels in our production environment: virtual machine, hardware, and application. Our hosting partner continuously monitors the physical hardware for consistency and peak function. If any issues are detected, an alert is immediately sent to all members of the restricted group detailing the issue. In addition, PensionPro Software applies software-based monitoring through a lightweight agent that is installed on each server and reports to an external monitoring service. This service monitors the virtual machines for operational strain and reports on disk, network, memory, and CPU consumption. The service also monitors the web applications and database directly for uptime, scalability, and responsiveness. If strain above a certain threshold is detected in any area, alerts are immediately sent to all members of the restricted group detailing the issue.

Backup:
Backups of production data are taken at two levels and stored on two levels. The database servers run a transactional backup every 20 minutes and a full backup every night. The database server backups are encrypted and stored off-site with a reputable cloud backup provider for a 30-day retention period. Application servers are created using infrastructure-as-code technology and can be recreated on demand via this service.


Version 1.3 - October 2, 2017