Security Policy

As part of the mission to store, manage and protect our customer’s vital business information, Datastore is responsible for the safekeeping of data and information in a variety of formats for a large number of highly regarded Companies. This responsibility is taken very seriously, and Datastore has gone to great lengths to earn and live up to the trust of its customers. Datastore recognizes that secure products and services are instrumental in maintaining trust and strives to create innovative and secure products that serve customers’ needs and operate in their best interest. Customers benefit from the extensive operational experience utilized to deliver secure and reliable services and products. Datastore’s products and services combine advanced technology solutions with industry–leading security practices to ensure customer and user data is secure. Significant financial investments are made to ensure the most secure, reliable environment is maintained for customer records, data, and applications. In particular, Datastore focuses on several aspects of security that are deemed critical by our business customers including:

• Organizational and Operational Security

Policies and procedures to ensure security at every phase of design, deployment and ongoing

• Data Security

Ensuring customer data is stored in secure facilities, on secure servers, and within secure applications.

• Threat Evasion

Protecting users and their information from malicious attacks and would-be hackers.

• Safe Access

Ensuring that only authorized users can access data, and the access channel is secure.

• Data Privacy

Ensuring that confidential information is kept private and confidential.

This document describes Datastore’s security strategy, which utilizes numerous physical, logical, and operational security measures to ensure the utmost in security and privacy.

Organizational & Operational Security

The foundation of Datastore’s security strategy starts with its people and processes. Security is a combination of people, processes, and technology, that when put together properly lead to safe and secure information management and processing. Security is not something that can simply be validated after the fact. Rather, it is designed into products and services, processes, infrastructure, and systems from the onset. Datastore employs a full measure of security efforts to develop, document, and implement comprehensive security policies.

Development Methodology

Datastore’s security posture is top of mind from the moment a product or service is formulated for design. Datastore teams receive extensive training in security fundamentals. Datastore’s development methodology lays out a multi-step plan with ongoing checkpoints and full audits.

Datastore’s technology services team is responsible for all stages of the product development lifecycle including design review, code audit, system and functional testing, and final launch approval. Datastore uses a number of commercial and proprietary technologies to ensure that applications are secure at every level. Datastore’s technology services team is also responsible for ensuring that secure development processes are followed to ensure customer safety.

Operational Security

Datastore is focused on maintaining security of the operational systems including data handling and system management. Routine audits of the records and datacenter facilities, operations, and ongoing threat assessments are conducted against Datastore’s physical and logical assets.

Datastore ensures that all employees are appropriately screened and trained to conduct their job in a professional and secure manner. As appropriate, Datastore goes to great lengths to screen and verify an individual’s background prior to joining the organization. All personnel are thoroughly trained on security and information privacy practices and continually updated on their training.

Data Security

The security of company and user data is the mission of the entirety of Datastore’s Operations teams. Datastore’s business is built on user trust, and therefore this is one of the keys to continued success of Datastore as a corporation. All Datastore employees are instilled with the value of responsibility to our valued customers.. Protecting information and data is at the core of what Datastore is all about. Datastore takes great care to protect the multitude of vital business information records and data we service; we apply that same care to Datastore’s communication and technology systems.

Physical Security

Datastore operates large records and information centers, and goes to great lengths to protect the data and intellectual property in these centers. Datastore operates facilities in various regions, and many Datastore centers are wholly owned and managed with modern security controls ensuring that no outside parties can gain access. Only select Datastore employees have access to the center facilities, records, and the information servers contained therein, and this access is tightly controlled and audited. Security is monitored and controlled both locally at the site, and centrally at Datastore’s central center in Milwaukee.

The world-class records centers and facilities themselves are engineered not only for maximum efficiency, but also for security and reliability. Multiple levels of redundancy ensure ongoing operation and service availability in even the harshest and most extreme of circumstances.

Logical Security

In web-based computing, the logical security of data and applications is as critical as physical security. Datastore goes to extremes to ensure that applications are secure, that data is handled in a secure and responsible way, and that no external unauthorized access to customer or user data can be achieved. To achieve this goal, Datastore uses a number of industry standard techniques as well as some unique, innovative approaches.

Datastore’s servers are also protected by the appropriate levels of firewalls to protect against attacks. Traffic is inspected as appropriate for attempted attacks, and any attempts are dealt with swiftly to ensure the continued protection of our customers’ data.

Information Accessibility

Data such as email, when appropriate, is stored in an encoded format optimized for performance, rather than stored in a traditional file system or database manner. Datastore’s physical protections described above ensure that no physical access to servers is only available to authorized personnel.

Specialized knowledge of the data structures and Datastore’s infrastructure would be required to get meaningful access to end user data. This is one of many security layers to ensure security of sensitive data within Datastore’s environment.

User data is only accessible with appropriate credentials, ensuring that there is no possibility of one customer having access to another customer’s data without explicit knowledge of their login information.

Redundancy and Business Continuity

The application and network architecture run by Datastore is designed for maximum reliability and uptime. Datastore’s critical systems are also protected by data replication and backup services.

Data is replicated multiple times across Datastore’s servers, so, in the case of a machine failure, data will still be accessible through another system. In addition, system data (not physical records) is replicated across records centers. As a result, if an entire center were to fail or be involved in a disaster, a second center would be able to immediately take over and provide services to users.

Threat Evasion

Email viruses, phishing attacks, and spam are amongst the biggest security threats within corporations today. Reports show that more than two-thirds of incoming mail is spam, new email viruses are born and distributed throughout the Internet each day. Keeping on top of this can be an overwhelming task, and even corporations with spam and virus filters struggle with keeping these constantly up to date to deal with the latest threats. In addition, network-based applications are the target of malicious attacks attempting to tamper with data or bring down the service. Datastore employs world-class threat evasion to protect employees and users from attacks on the data and within the content of their messages and files.

Safe Access

No matter how secure a center, data is vulnerable once it’s downloaded to an employee’s or user’s local computer. Studies have shown that the average laptop has over 10,000 files and thousands of downloaded email messages. Imagine if one of these corporate laptops falls into the hands of a malicious user. Simply by mounting a disk, an unauthorized user can get access to your corporation’s intellectual property and secrets. Datastore mitigates this risk by avoiding the local storage of customer data onto employee’s or customer’s laptops.

Access to Datastore facilities and to Datastore’s systems is permitted only when prior written authorization by designated customer representatives is provided. Physical access to Datastore facilities is granted upon the presentation of valid photo identification and the execution of a data center confidentiality agreement.

Data Privacy

Datastore is very sensitive to company and user privacy, and realizes that the data housed within applications is confidential and sensitive. Datastore ensures that information is not compromised.

Datastore’s privacy policy that protects all services can be found by visiting

Per this policy and related policies for the individual services provided by Datastore, at all times will Datastore employees protect confidential information and data.

Conclusion

Datastore provides secure and reliable services and solutions to better manage your vital information management by bringing you the latest technologies and best practices for records and data center management, network application security, and data integrity. When you entrust your company’s information with Datastore, you can do so with confidence, knowing that the full weight of Datastore’s technology and infrastructure investment is brought to bear to ensure the security, privacy, and integrity of your data.

For more information about Datastore,
please visit us at: http://www.Datastoreweb.com