Net-Results Security
At Net-Results, we recognize that the security of our customers’ data is paramount. As such, security best practices are employed and ensured throughout our business operations.
Protecting Customer Data
Net-Results is available worldwide via secure, encrypted connections (TLS 1.2 protocol, ECDHE_RSA with P-256 key exchange, AES_256_GCM cipher).
- Customer data is stored in SSAE-16 (formerly SAS70) audited hosting facilities
- Authenticated user sessions are re-verified on each transaction and protected by unique session tokens
- Backups are performed multiple times per day
- Offsite backups are transported securely and securely destroyed when retired
- Net-Results is an active participant in the EU/US and Swiss/US Privacy Shield Framework. View our status here.
- Net-Results complies with FERPA requirements for educational institutions
Application Security
Net-Results actively monitors its codebase for security vulnerabilities identified by the Open Web Application Security Project.
- The Net-Results service undergoes and passes 3rd party assessments on a regular basis including:
- Application layer threat and vulnerability assessments
- Network vulnerability assessments
- Selected penetration testing
- Net-Results regularly patches both applications and servers to provide protection from known exploits
Physical and Environmental Security
Net-Results’ services are hosted in top-tier data centers, the security characteristics of which include
- Facilities manned 24x7x365
- Site entrances controlled by electronic perimeter access card system
- Security camera monitoring covering all entrances and space inside/outside data centers
- Entrances secured by mantraps with interlocking doors
- SSAE-16 & HIPAA Compliant, Safe Harbor Certified
- Redundant N+1 Generac Diesel Generators
- Redundant N+1 Powerware 9395 550 kVA UPS
- Redundant ASCO Closed Transition Bypass Isolation Transfer Switches
- Liebert PDU Units
- Redundant Liebert 20 and 22 Ton Upflow Air Conditioning Units
System Monitoring
Net-Results uses a number of tools to proactively monitor for problems that could affect data security or application performance.
- Baseline data related to dozens of parameters tracked and charted in near real-time
- Our systems team may be alerted via a number of communications channels 24×7 with automated notifications when parameters approach or exceed thresholds
- All system accesses are logged for auditing purposes
- Application access and usage are audited, stored and analyzed per internal security practices
Administrative Controls
- Only authorized Net-Results personnel have access to customer data
- Server access is limited, logged and backed up
- Third-parties (including contractors) are never given access to Net-Results’ development or production servers