Security

Net-Results Security

At Net-Results, we recognize that the security of our customers’ data is paramount. As such, security best practices are employed and ensured throughout our business operations.

Protecting Customer Data

Net-Results is available worldwide via secure, encrypted connections (SSL 3.0/TLS 1.1) using 128 bit certificates.

  1. Customer data is stored in SSAE-16 (formerly SAS70) audited hosting facilities
  2. Authenticated user sessions are re-verified on each transaction and protected by unique session tokens
  3. Backups are performed multiple times per day
  4. Offsite backups are transported securely and securely destroyed when retired
  5. Net-Results maintains Safe Harbor certification
  6. Net-Results complies with FERPA requirements for educational institutions

Application Security

Net-Results actively monitors its codebase for security vulnerabilities identified by the Open Web Application Security Project.

  1. The Net-Results service undergoes and passes 3rd party assessments on a regular basis including:
    • Application layer threat and vulnerability assessments
    • Network vulnerability assessments
    • Selected penetration testing
  2. Net-Results regularly patches both applications and servers to provide protection from known exploits

Physical and Environmental Security

Net-Results’ services are hosted in top-tier data centers, the security characteristics of which include

  1. Facilities manned 24x7x365
  2. Site entrances controlled by electronic perimeter access card system
  3. Security camera monitoring covering all entrances and space inside/outside data centers
  4. Entrances secured by mantraps with interlocking doors
  5. SSAE-16 & HIPAA Compliant, Safe Harbor Certified
  6. Redundant N+1 Generac Diesel Generators
  7. Redundant N+1 Powerware 9395 550 kVA UPS
  8. Redundant ASCO Closed Transition Bypass Isolation Transfer Switches
  9. Liebert PDU Units
  10. Redundant Liebert 20 and 22 Ton Upflow Air Conditioning Units

System Monitoring

Net-Results uses a number of tools to proactively monitor for problems that could affect data security or application performance.

  1. Baseline data related to dozens of parameters tracked and charted in near real-time
  2. Our systems team may be alerted via a number of communications channels 24×7 with automated notifications when parameters approach or exceed thresholds
  3. All system accesses are logged for auditing purposes
  4. Application access and usage are audited, stored and analyzed per internal security practices

Administrative Controls

  1. Only authorized Net-Results personnel have access to customer data
  2. Server access is limited, logged and backed up
  3. Third-parties (including contractors) are never given access to Net-Results’ development or production servers