SECURITY

HomeAbout UsSecurity

LeveragePoint utilizes some of the most advanced technology for Internet security available today. We use Amazon Web Services (AWS) to host our highly scalable platform with high availability, dependability, and security. AWS and Leveragepoint services are built in accordance with security best practices providing end-to-end data security and confidentiality. Your data is safe, secure, and available only to registered users within your organization. Your data will be completely inaccessible to your competitors.

 

Reports & Certifications

LeveragePoint publishes a Service Organization Controls 2 (SOC 2) Type II audit report under both the SSAE 16 and the ISAE 3402 professional standards. The SOC 2 audit report attests that LeveragePoint’s Security and Confidentiality controls to safeguard customer data are appropriately designed and operating effectively. Our commitment to the SOC 2 report is ongoing and we plan to continue our process of periodic audits. AWS has achieved ISO 27001 certification in Information Security Management System (ISMS), covering the infrastructure, data centers, and AWS services used by LeveragePoint. In addition, AWS has successfully completed SAS70 type II audits and currently publishes a SOC 1 audit report that LeveragePoint reviews annually.

 

Physical Security

  • Data center access is limited to AWS data center technicians
  • Two-factor authentication for controlled data center access
  • Video surveillance and intrusion detection systems at the data center
  • 24×7 onsite staff provides additional protection against unauthorized entry
  • Unmarked facilities to help maintain a low profile
  • Physical security audited by an independent firm

 

System Security

  • System installation using hardened, patched OS
  • Firewalls are in place to block unauthorized system access
  • Distributed Denial Of Service (DDoS) Attack mitigation using proprietary techniques
  • Regular Penetration tests conducted
  • Protection against SQL injection and XSS attacks

 

Operational Security

  • Systems access is logged and tracked for auditing purposes
  • Secure document-destruction policies for all sensitive information
  • Fully documented change-management procedures

 

Software Security

Access to your data in LeveragePoint is controlled using Access Control Lists that you have full control over. In addition, LeveragePoint offers companies flexibility in configuring various security controls to their corporate standards. These include:

  • User timeout window
  • Password strength
  • Allowed number of failed password attempts
  • Password expiry
  • Restricting access to IP address range

 

Communications

All data exchanged with LeveragePoint is always transmitted over SSL using 256-bit encryption for maximum security.

 

Backups and Fault Tolerance

Our architecture is designed with redundancy at each level to ensure maximum fault tolerance. Your data is backed-up and replicated to multiple locations. In the event of failure, LeveragePoint will switch to an alternative location to ensure high availability.

 

Contact Us

If you have any technical questions or concerns, please contact techsupport@leveragepoint.com. For security-related inquiries or to report a suspected security breach, please contact security@leveragepoint.com.