PensionPro Software strives to maintain its production service environment in a state that is secure, up to date, and highly available. To achieve this, we have invested significant time and resources in both equipment and support services. This document outlines our structure and practices regarding our environment, data, and services.
Patching of server operating systems in the production environment is performed monthly, generally within our server maintenance window on Sundays between 00:00 and 06:00 EST.
Emergency patches are applied as needed and are evaluated on a case-by-case basis. We take the security of our servers seriously and draw on professional services and consulting from our hosting partner as well as our in-house team.
All server maintenance that will cause an outage or downtime will occur during the scheduled maintenance window for the production environment. This window is every Sunday from 00:00 to 06:00 EST.
Any maintenance outside of this window will be performed only in the case of an emergency where the service cannot wait until the regularly scheduled window.
This Policy is intended to: (a) safeguard information against unauthorized access; (b) balance the need for business efficiency with the need to safeguard information; (c) protect the confidentiality, integrity, and availability of our information systems.
The Chief Technology Officer and Systems Administrator have been designated as our Data Security Coordinators. The Data Security Coordinators are responsible for:
PensionPro uses three forms of encryption to protect information in storage and in transit. For data at rest, sensitive information such as passwords is stored in the database in encrypted form, so that a copy of the stored value is not useful on its own and can only be read with the encryption key held by the service layer.
For data in transit, encryption is applied at two points. The first is message-level security: the web service encrypts each message before it is sent to the client. The encrypted message is then sent over the internet to the client under transport-layer encryption (SSL/TLS with a 128-bit cipher). At no point is a message exposed in clear text on the wire.
PensionPro provides training to all employees on data security best practices. Employees whose job responsibilities require access to client information, sensitive data, or personally identifiable information receive additional training to help them understand their responsibilities when handling such information.
In the event of a Security Incident, PensionPro will notify our customers as soon as possible, and in no event later than 48 hours after we identify the incident or are notified of it by our hosting provider.
PensionPro performs vulnerability testing of its production IP addresses at least twice a year. All public-facing IP addresses are scanned with a respected third-party testing tool to identify known vulnerabilities.
Having an environment that is secure from the outside is only part of our security approach. To address internal security and staff controls, access to the production systems is available only to a restricted group of three employees: Bill Renninger, Darren Conner, and Victor Ferris. Each of these employees acts as a steward of access to production information. No employee on the engineering or support staff is able to manipulate the production servers directly without going through our applications. All development is performed against separate databases and services. Promotion of changes to the production environment is performed by the restricted group only. No employee of PensionPro Software has physical access to the production equipment, as it resides in a datacenter owned and controlled by a third-party hosting partner. That hosting partner has physical and virtual access to the equipment and provides SOC audit reports to demonstrate its compliance with control standards.
At PensionPro Software we strive to maintain 100% availability of our systems and software. Our hosted production environment was designed to provide hardware and software redundancy at every layer of the system. The datacenter provides physical access security plus redundant power, cooling, and internet connectivity. The hardware used for our services includes redundant networking equipment, hypervisors, and disks. If any piece of hardware fails, another device is ready to take over the tasks of the failed device. In addition to hardware redundancy, we have built redundancy into our virtual machines so that no single virtual machine is relied upon to keep our core services running. There are multiple web servers and a database cluster, so the failure of an individual virtual machine results in its tasks being performed by another member of its availability group. Finally, all data is stored in multiple copies on storage arrays; it is striped and mirrored over a large collection of disks so that the arrays can withstand multiple simultaneous drive failures without degradation of service.
System monitoring is performed at three levels in our production environment: hardware, virtual machine, and application. Our hosting partner continuously monitors the physical hardware for consistency and peak function; if any issue is detected, an alert is sent to system administrators. In addition, PensionPro Software applies software-based monitoring through a lightweight agent installed on each server that reports to an external monitoring service. This service monitors the virtual machines for operational strain and reports on disk, network, memory, and CPU consumption. It also monitors the web applications and database directly for uptime, scalability, and responsiveness. If strain above a set threshold is detected in any area, alerts detailing the issue are sent immediately to system administrators.
Backups of production data are fully managed and automated. The database servers take a transaction-log backup every 5 to 10 minutes, a differential backup every hour, and a full backup every week. Database backups are encrypted at rest and are replicated to both the primary datacenter and the secondary failover site, with a 35-day retention period. Application servers are built with infrastructure-as-code tooling and can be recreated on demand.
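The backup schedule above is only as good as the restore chain it produces, so the check a practitioner wants is whether a given point in time can actually be reached from the backups on hand. The following is an added example, not PensionPro's code or tooling: a small Python model of a full/differential/log schedule, the ordered restore sequence for a point-in-time target, the detection of a gap in the log chain, and the worst-case data-loss exposure (longest interval between log backups). The timestamps, the 10-minute log interval, and the missing-log failure case are constructed sample data; the chain rules follow SQL Server-style semantics, which is an assumption since the page does not name the database platform.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class Backup:
    kind: str                               # "full", "diff" or "log"
    taken: datetime                         # time the backup completed
    covers_from: Optional[datetime] = None  # "log" only: start of the range it covers


LOG_INTERVAL = timedelta(minutes=10)
START = datetime(2018, 1, 21, 1, 0)         # constructed: a Sunday 01:00 full backup
TARGET = START + timedelta(hours=2, minutes=35)


def sample_schedule(start: datetime, hours: int) -> List[Backup]:
    """Constructed sample data: one full backup at `start`, then a log backup
    every LOG_INTERVAL and a differential on the hour, for `hours` hours."""
    out = [Backup("full", start)]
    t = start
    while t < start + timedelta(hours=hours):
        nxt = t + LOG_INTERVAL
        out.append(Backup("log", nxt, covers_from=t))
        if (nxt - start) % timedelta(hours=1) == timedelta(0):
            out.append(Backup("diff", nxt))
        t = nxt
    return out


def plan_restore(backups: List[Backup], target: datetime) -> List[Backup]:
    """Ordered restore sequence for point-in-time `target` (assumed SQL Server-style
    semantics): newest full at or before the target, newest differential after that
    full, then every log backup from there until one reaches the target.
    Raises ValueError if the chain is broken or does not reach the target."""
    fulls = [b for b in backups if b.kind == "full" and b.taken <= target]
    if not fulls:
        raise ValueError("no full backup at or before target")
    full = max(fulls, key=lambda b: b.taken)
    chain, cursor = [full], full.taken
    diffs = [b for b in backups if b.kind == "diff" and full.taken < b.taken <= target]
    if diffs:
        diff = max(diffs, key=lambda b: b.taken)
        chain.append(diff)
        cursor = diff.taken
    logs = sorted((b for b in backups if b.kind == "log" and b.taken > cursor),
                  key=lambda b: b.taken)
    for log in logs:
        if log.covers_from is None or log.covers_from > cursor:
            # Transactions between `cursor` and the start of this log backup were
            # never captured, so no restore past `cursor` is possible.
            raise ValueError(f"log chain broken between {cursor} and {log.covers_from}")
        chain.append(log)
        cursor = log.taken
        if cursor >= target:
            break
    if cursor < target:
        raise ValueError(f"no backup covers {target}; latest restorable point is {cursor}")
    return chain


def chain_is_restorable(backups: List[Backup], target: datetime) -> bool:
    """True when plan_restore can build an unbroken chain to `target`."""
    try:
        plan_restore(backups, target)
        return True
    except ValueError:
        return False


def max_log_gap(backups: List[Backup]) -> timedelta:
    """Worst-case data-loss exposure: the longest interval between consecutive
    log backups. With a 5-10 minute schedule this should never exceed 10 minutes."""
    times = sorted(b.taken for b in backups if b.kind == "log")
    return max((b - a for a, b in zip(times, times[1:])), default=timedelta(0))


SAMPLE = sample_schedule(START, 3)
# Constructed failure case: one log backup missing from the middle of the chain.
BROKEN = [b for b in SAMPLE
          if not (b.kind == "log" and b.taken == START + timedelta(hours=2, minutes=20))]

if __name__ == "__main__":
    for step in plan_restore(SAMPLE, TARGET):
        print(f"restore {step.kind:4} taken {step.taken:%Y-%m-%d %H:%M}")
    print("max log gap:", max_log_gap(SAMPLE))
    print("broken chain restorable:", chain_is_restorable(BROKEN, TARGET))
```

Run against the sample, the restore plan for 03:35 is the 01:00 full, the 03:00 differential and the four log backups through 03:40; removing a single log backup makes the same target unreachable and doubles the measured exposure from 10 to 20 minutes, which is the kind of drift a periodic restore test rather than a backup-success alert would catch.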
Version 1.4 - January 24, 2018