Data Security Measures

last updated 02/28/2019

Our relationship with our customers is built on trust. Protecting our customers' data is a responsibility we take very seriously.

Redundant Internet Capabilities

For Internet connectivity, we use several enterprise providers that deliver fast and reliable access to our Services. In the event that an Internet provider experiences a system failure, ACST has redundant connections in place as a backup.

Enterprise Servers & Management

For our Desktop Services, we deploy and maintain enterprise grade servers running industry standard operating systems in our data center. Using this combination of reliable services, we’ve been able to maintain uptime of over 99.99% historically.

For our Websites and Services, we partner with Amazon Web Services (AWS) to host and store our sensitive customer data. AWS commits to at least 99.99% uptime and has a solid reputation in the security industry. AWS is PCI DSS Level 1 compliant as a Service Provider, holds numerous compliance certifications, and also maintains SAS70 Type II certification.

We monitor critical systems from multiple locations and collect historical data to ensure all systems are functioning at peak efficiency. We analyze performance trends to help us identify potential problems before they affect you.

Data Backup and Recovery

There are distinct differences in how we can assist our Customers when they need help with data backup and recovery for our Desktop and Web-based Services. The time to recover to restore your data depends on the Services you use and the circumstances under which your data was lost.

Desktop Services

Support can help Desktop customers make a backup of their data, but we cannot recover or restore lost or corrupt data that is stored locally.

Web-based Services

We're able to take elaborate measures to ensure we can recover and protect your data from many scenarios.

  • We back up data regularly and synchronize this data to our offsite disaster recovery location.
  • We back up your entire database using multiple methods to increase the security and availability of your data.
  • All the data you enter and leave in your ACST Web-based product is backed up.
  • We encrypt and store all backups in redundant locations and have access to your data backed up for a maximum of six months. This means that if you removed data 7 months ago, that data will not be available in a backup.

Firewall

To further protect your data, we use a combination of advanced hardware and software firewalls from leading network security providers. These firewalls secure your data from multiple threats (e.g. hackers, viruses, spybots, etc). Our staff continuously monitors logs and data points to ensure the integrity of our systems.

SSAE Certification

SSAE 18 is not a required certification in our industry. While ACST has considered becoming SSAE 18 certified, we have chosen not to as there isn’t a high demand to meet this standard. We believe the policies, practices and procedures ACST has in place to audit our security controls, run parallel to that of SSAE certification.

PCI Compliance

ACST has met the criteria for PCI Compliance, click here for more information about PCI Compliance.

Independent Auditors for Security

Information security tests are performed annually by RSM US LLP.

Facility Security

The data center building access is controlled by keycard entry. All entry points into the building and into the data center are monitored by security cameras 24 hours a day. Data center room access is limited to network administrative staff only.

Power Backup

Our data center is protected by an Uninterruptible Power Supply. It is further protected by a commercial generator, that can provide redundant utility power for our data and support centers, if needed.

Disaster Recovery Plan

ACST has a disaster recovery plan that is tested, reviewed, and updated annually with improvements.