LeveragePoint utilizes some of the most advanced technology for Internet security available today. We use Amazon Web Services (AWS) to host our highly scalable platform with high availability, dependability, and security. AWS and Leveragepoint services are built in accordance with security best practices providing end-to-end data security and confidentiality. Your data is safe, secure and available only to registered users within your organization. Your data will be completely inaccessible to your competitors.
Reports & Certifications:
LeveragePoint publishes a Service Organization Controls 2 (SOC 2) type II audit report, published under both the SSAE 16 and the ISAE 3402 professional standards. The SOC 2 audit report attests that LeveragePoint’s Security and Confidentiality controls to safeguard customer data are appropriately designed and operating effectively. Our commitment to the SOC 2 report is on-going and we plan to continue our process of periodic audits. AWS has achieved ISO 27001 certification of Information Security Management System (ISMS), covering the infrastructure, data centers, and AWS services used by LeveragePoint. In addition, AWS has successfully completed SAS70 type II audits and currently publishes a SOC 1 audit report that LeveragePoint reviews annually.
- Data center access limited to AWS data center technicians
- Two-factor authentication for controlled data center access
- Video surveillance and intrusion detection systems at data center
- 24×7 onsite staff providing additional protection against unauthorized entry
- Unmarked facilities to help maintain low profile
- Physical security audited by an independent firm
- System installation using hardened, patched OS
- Firewalls in place to block unauthorized system access
- Distributed Denial Of Service (DDoS) Attack mitigation using proprietary techniques
- Regular Penetration tests conducted
- Protection against SQL injection and XSS attacks
- Systems access logged and tracked for auditing purposes
- Secure document-destruction policies for all sensitive information
- Fully documented change-management procedures
Access to your data in LeveragePoint is controlled using Access Control Lists that you have full control over. In addition, LeveragePoint offers companies flexibility in configuring various security controls to their corporate standards. These include:
- User timeout window
- Password strength
- Allowed number of failed password attempts
- Password expiry
- Restricting access to IP address range
All data exchanged with LeveragePoint is always transmitted over SSL using 256 bit encryption for maximum security.
Backups and Fault Tolerance:
Our architecture is designed with redundancy at each level to ensure maximum fault tolerance. Your data is backed-up and replicated to multiple locations. In the event of failure, LeveragePoint will switch to an alternative location to ensure high availability.
If you have any technical questions or concerns, please contact firstname.lastname@example.org. For security-related inquiries or to report a suspected security breach, please contact email@example.com.