AIS is committed to compliance. We have aligned our security controls and processes with industry-proven security best practices. We work with third-party auditors to regularly test our systems, processes and control points. We are proud of our IT and Information Security Team credentials. On average, our network and server engineers have 20 years of experience, with our service desk engineers having five.
The safety of our clients’ data is our top priority. That’s why we believe that no other company in this industry has invested in data security like AIS. Much like our clients, data security is a key element to our own business. We are audited on a monthly basis by major financial institutions and continue to surpass the security expectations for our clients.
- House and protect 580+ million accounts
- All servers are US-based
- SOC 1 and SOC 2 certified
- All servers are US-based
- Replicated Data centers with dedicated 10 Gbps link for SAN replication
- Encrypted Data Transfer
- Secure Tunnels
- Regular anti-virus updates
- 24 x 7 Network Operations Center (NOC)
- 24 x 7 CCTV camera recording
- Mandatory badge scanning
- Tier 1 Location process engineers
POLICIES & REQUIREMENTS
We have developed over 120 policies to mitigate risk for our clients and assure that data assets are secure and protected. Our policies cover all critical areas including: information protection, physical security, privacy, fraud, employment and training, and operational competency.
- Privacy/Security/Federal Regulations training required - All employees
- Routine third-party employee background checks
- Prohibited use of personal mobile phones
- Restricted internet usage
- Email restrictions
- Copy-paste limitations, where requested
- Printing restrictions, where requested
- Partitions and secure team area available
AIS is focused on contingency planning to help manage risk and ensure that we can continue providing services to all of our clients, at all business locations in the United States and overseas, in the event of an unlikely or unanticipated event. This is accomplished through an annual review that analyzes business processes, their impact on the organization, and the IT infrastructure vulnerabilities that these processes face from a myriad of possible risks. Our Business Continuity Team schedules and performs BCP/DRP testing annually that includes testing and confirmation that the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO) can be met.
- Multi-level redundancy for power, network, server and data centers
- UPS power generator
- Low-risk site location
- Process-specific BCP available