Here are just some of the ways in which we protect your data:

• SOC 2 Type II audits are conducted annually by a third-party firm
• Intrusion detection software is always in place
• Excessive logins, intrusion and other system heartbeat measurements are constantly monitored
• Penetration testing is conducted annually by a third-party firm
• Vulnerability scans are carried out monthly
• Security patches and updates are applied each week
• Our disaster recovery plan is tested annually by actually recovering our servers
• The database and backups utilize data-at-rest encryption
• All servers are hardened using the SANS checklist and reviewed annually
• All data to the server goes through encrypted https port 443
• Secure file transfer protocol (SFTP) traffic is only directed to a non-standard port from specifically white-listed IP addresses

Additional security policies and procedures:

• Security policies are reviewed twice each year
• Employees are provided security awareness training every quarter
• Security-related issues discussions and security training are conducted quarterly with our developers
• Emergency contacts are verified quarterly
• An annual in-depth risk analysis includes reviews of all vendors
• CWS is GDPR compliant and signs a separate Model Processor Contract with all European customers

If you have any other questions about our approach to data security, please reach out to our team.