EnviroData Solutions, Inc. provides Software as a Service(SaaS) solutions that help its clients keep their employees safe and meet their environmental, safety, health and quality obligations. We have implemented the security practices described below to protect our client's data. Additional information on our security practices may be found within our Trust Center and Security Scorecard.
ORGANIZATIONAL SECURITY
- Background Checks - Our employees receive background checks prior to employment.
- Endpoint Security - Computers issued to EnviroData Solutions, Inc. employees are routinely patched to ensure they are running the latest operating system versions and are equipped with anti-virus software and malware protection.
PHYSICAL SECURITY
- Workplaces - Workplaces are secured and locked when unattended to prevent unauthorized access.
- Data Centers - Data centers are ISO 27001 certified, which is an indication of their rigorous security practices.
INFRASTRUCTURE SECURITY
- Network Protection - Firewalls are used to prevent unauthorized access to our servers, and client data is segregated into unique databases and application pools to protect sensitive data.
- Server Hardening - Servers are hardened by disabling unused ports and accounts as well as removal of default passwords and outdated users.
- Server Monitoring - Servers are routinely monitored for Malware and vulnerabilities. Logs and data are monitored for malicious activity.
- Web Applications - Access to web applications is protected by a web application firewall that screens traffic for threats and prevents access from malicious bots and IP addresses.
DATA SECURITY
- Security By Design - Changes to our software solutions are reviewed for security risks at each stage of the development life-cycle.
- Data Isolation - Each client's data is maintained in a separate database to keep it confidential.
- In Transit Encryption - Customer data transmitted to and from our servers is done through strong encryption protocols.
- At Rest Encryption - Customer data stored on servers is encrypted at rest to prevent unauthorized access.
- Backup Encryption - Backups of client data are made nightly and maintained in an encrypted state.
IDENTITY AND ACCESS CONTROL
- Single Sign-On (SSO) - Our software solutions offer a number of SSO options.
- Multi-Factor Authentication (MFA) - Our software solutions include the ability to use MFA, which reduces the risk of unauthorized access if a user's password is compromised.
OPERATIONAL SECURITY
- Backups - Data is backed up daily. Backups are maintained in an encrypted and geo-redundant manner.
- Business Continuity - EDS maintains and exercises a business continuity program to minimize disruptions to our clients should a disaster strike.
VENDOR MANAGEMENT
- Selection - Vendors are carefully selected and evaluated with information security requirements in mind.
INCIDENT MANAGEMENT
- Breach Notification - Internal procedures require that, should one occur, data breaches are communicated to impacted clients and required regulatory authorities as soon as practical and in a timeframe that is compliant with applicable legal requirements.
- Business Continuity - EDS maintains and exercises a business continuity program to minimize disruptions to our clients should a disaster strike.
CONTACT US FOR ADDITIONAL INFORMATION
If you have questions or concerns about EnviroData Solutions, Inc.’s security practices, please contact our Legal Department (Click Here To Email Us) or write us at:
Legal Department
EnviroData Solutions, Inc.
1499 West 120th Avenue, Suite 110
Westminster, CO 80234
(720) 547-5102
https://www.ecesis.net/
