isitepmo.com utilizes some of the most advanced technology for Internet security available today. When you access our site using industry standard Secure Socket Layer (SSL) technology, your information is protected using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered Users in your organization. Your data will be completely inaccessible to your competitors. We take security very seriously and have developed a comprehensive set of practices, technologies and policies to help ensure your data is secure.
isitepmo.com provides each User in your organization with a unique user name and password that must be entered each time a User logs on. isitepmo.com issues a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session "cookie" does not include either the username or password of the user. isitepmo.com does not use "cookies" to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.
Our datacenters are hosted in some of the most secure facilities available today in locations that are protected from physical and logical attacks as well as from natural disasters such as earthquakes, fires, floods, etc.
- 7x24x365 Security. The data centers that host your data are guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.
- Video Monitoring. Each data center is monitored 7x24x365 with night vision cameras.
- Controlled Entrance. Access to the isitepmo.com data centers is tightly restricted to a small group of pre-authorized personnel.
- Biometric, two-Factor Authentication. Two forms of authentication, including a biometric one, must be used together at the same time to enter an isitepmo.com data center.
- Undisclosed locations. isitepmo.com servers are located inside generic-looking, undisclosed locations that make them less likely to be a target of an attack.
Our network security team and infrastructure helps protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices. These are intentionally stated in a very general way, since even knowing what tactics we use is something hackers crave. If your organization requires further detail on our network security, please contact us.
- 128/256-bit SSL. The communication between your computer and our servers is encrypted using strong 128-bit keys (256-bit keys in many cases). What this means is that even if the information traveling between your computer and our servers were to be intercepted, it would be nearly impossible for anyone to make any sense out of it. Please check our product pages for details on which applications or plans support SSL.
- IDS/IPS. Our network is gated and screened by highly powerful and certified Intrusion Detection / Intrusion Prevention Systems.
- Control and Audit. All accesses are controlled and also audited.
- Virus Scanning. Traffic coming into isitepmo.com servers is automatically scanned for harmful viruses using state of the art virus scanning protocols which are updated regularly.
Designing and running data center infrastructure requires not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, risk, as well as the day to day operations. isitepmo.com's security team has years of experience in designing and operating data centers and continually improves our processes over time. isitepmo.com has developed a world class practices for managing security and data protection risk.
- Select Employees. Only employees with the highest clearance have access to our data center data. Employee access is logged and passwords are strictly regulated. We limit access to customer data to only a select few of these employees who need such access to provide support and troubleshooting on our customers' behalf.
- Audits. Audits are regularly performed and the whole process is reviewed by management
- As-Needed Basis. Accessing data center information as well as customer data is done on an as-needed only basis, and only when approved by the customer (i.e. as part of a support incident), or by senior security management to provide support and maintenance.
Redundancy and Business Continuity
One of the fundamental philosophies of cloud computing is the acknowledgment and assumption that computer resources will at some point fail. We have designed our systems and infrastructure with that in mind.
- Power Redundancy. isitepmo.com configures its servers for power redundancy – from power supply to power delivery.
- Internet Redundancy. isitepmo.com is connected to the world –and you- through multiple Tier-1 ISPs. So if any one fails or experiences a delay, you can still reliably get to your applications and information.
- Redundant Network Devices. isitepmo.com runs on redundant network devices (switches, routers, security gateways) to avoid any single point of failure at any level on the internal network.
- Redundant Cooling and Temperature. Intense computing resources generate a lot of heat, and thus need to be cooled to guarantee a smooth operation. isitepmo.com servers are backed by N+2 redundant HVAC systems and temperature control systems.
- Geo Mirroring. Customer data is mirrored in a separate geographic location for Disaster Recovery and Business Continuity purposes. Please note geo mirroring is available on select products and plans.
- Fire Prevention. The isitepmo.com data centers are guarded by industry-standard fire prevention and control systems.
- Data Protection & Back-up. User data is backed-up periodically across multiple servers, helping protect the data in the event of hardware failure or disaster.
While we cannot list all the details of our infrastructure for security reasons, rest assured that isitepmo.com's security practices, policies and infrastructure are proven and reliable.
Vulnerability reporting policy
Security researchers seeking information on how to report security issues to isitepmo.com should review our Vulnerability Reporting Policy.
The isitepmo.com security team acknowledges the valuable role that independent security researchers play in Internet security. Keeping our customers’ data secure is our number-one priority, and we encourage responsible reporting of any vulnerabilities that may be found in our site or application. isitepmo.com is committed to working with the security community to verify and respond to any potential vulnerabilities that are reported to us. Additionally, isitepmo.com pledges not to initiate legal action against security researchers for penetrating or attempting to penetrate our systems as long as they adhere to the conditions below.
Testing for security vulnerabilities
Conduct all vulnerability testing against Trial or Developer Edition organizations (instances) of our online services to minimize the risk to our customers’ data.
Reporting a potential security vulnerability
Privately share details of the suspected vulnerability with isitepmo.com by sending an email to firstname.lastname@example.org
Provide full details of the suspected vulnerability so the isitepmo.com security team may validate and reproduce the issue
isitepmo.com does not permit the following types of security research
- Causing, or attempting to cause, a Denial of Service (DoS) condition
- Accessing, or attempting to access, data or information that does not belong to you
- Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you
The isitepmo.com security team commitment
- To all security researchers who follow this isitepmo.com Vulnerability Reporting Policy, the isitepmo.com security team commits to the following:
- To respond in a timely manner, acknowledging receipt of your report
- To provide an estimated time frame for addressing the vulnerability
- To notify the reporting individual when the vulnerability has been fixed
isitepmo.com does not compensate people for reporting a security vulnerability, and any requests for such compensation will be considered a violation of the conditions above. In such an event, isitepmo.com reserves all of its legal rights.