At ThirdSentry, we prioritize the security of your data and maintain rigorous controls to safeguard it against unauthorized access, breaches, and other cyber threats. Our comprehensive approach to security encompasses infrastructure, data protection, application security, and operational practices.
1. Infrastructure Security
We utilize enterprise-grade cloud infrastructure to provide a robust and reliable foundation for our services.
Hosting Environment
Our data is hosted on [Cloud Provider], which offers industry-leading security controls and compliance with major standards, including ISO 27001 and SOC 2.
Data Centers
- Certified for ISO 27001, SOC 2, and PCI DSS
- 24/7 monitoring with intrusion detection systems
- Fire suppression and environmental controls
Network Security
- Firewalls and intrusion prevention systems (IPS) to protect against unauthorized access and attacks
- Regularly updated network segmentation to isolate sensitive systems
Server Security
- Regular operating system and software updates to mitigate vulnerabilities
- Hardened server configurations based on CIS benchmarks
2. Data Protection
We implement industry-standard encryption and stringent access controls to ensure your data remains secure and confidential.
Encryption
- In Transit: All data transmitted between users and our servers is secured using TLS 1.2+ encryption
- At Rest: Data is encrypted using AES-256 encryption standards to prevent unauthorized access
Backups
- Data is backed up daily and stored securely in geographically redundant locations
- Backup integrity is verified regularly through automated checks and restoration tests
Access Controls
- Role-based access control (RBAC) ensures that only authorized personnel can access specific data
- Multi-factor authentication (MFA) is enforced for all administrative access
Data Retention
We retain customer data only as long as necessary to fulfill contractual obligations or comply with legal requirements.
3. Application Security
Our application is designed with security in mind, implementing robust controls to protect user accounts and data.
Authentication Methods
- Support for Two-Factor Authentication (2FA) and Single Sign-On (SSO) using leading identity providers
- Passwords are hashed and salted using modern algorithms like bcrypt
Session Management
Sessions are secured with timeouts and activity monitoring to reduce exposure to session hijacking.
Access Control
- Granular access levels ensure that users only have access to data and features necessary for their roles
- Regular audits of access permissions
4. Security Operations
We maintain a proactive security posture with continuous monitoring, testing, and incident response capabilities.
Security Monitoring
- Continuous monitoring of systems and applications for suspicious activity using advanced SIEM tools
- 24/7 alerting and response for anomalies
Incident Response
- A formal incident response plan is in place, ensuring timely detection, containment, and remediation of security incidents
- Post-incident reviews are conducted to strengthen defenses
Regular Security Testing
- Applications and infrastructure undergo regular penetration testing by independent security experts
- Automated vulnerability scanning ensures known risks are mitigated promptly
Vulnerability Management
Identified vulnerabilities are prioritized based on risk and remediated within predefined SLAs.
5. Compliance & Certifications
We adhere to recognized industry standards to provide assurance of our security practices.
Compliance Frameworks
- SOC 2 Type II
- ISO 27001
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
Certifications
Certificates of compliance are available upon request.
Audits
Regular audits are conducted by independent third-party firms to verify compliance and security practices.
6. Employee Security
Our employees are trained and equipped to maintain the highest security standards.
Security Training
All employees undergo mandatory security training during onboarding and regular refresher courses.
Access Controls
Role-based access is enforced across systems. Employees are granted access only to the systems necessary for their roles.
Background Checks
Comprehensive background checks are conducted for all employees with access to sensitive systems or data.
Security Awareness Program
Continuous education on emerging threats, phishing, and best practices to protect organizational and customer data.
7. Physical Security
We take stringent measures to secure our facilities and equipment.
Office Security
- Restricted access to offices with keycard systems and biometric authentication where applicable
- Security cameras monitor entry and exit points
Hardware Security
- All workstations and mobile devices are encrypted and secured with endpoint protection
- Remote wipe capabilities are enabled for lost or stolen devices
Environmental Controls
Facilities are equipped with fire suppression systems, uninterruptible power supplies (UPS), and climate controls to ensure operational continuity.
8. Commitment to Continuous Improvement
At ThirdSentry, we recognize that security is a continuous process. We are committed to:
- Evolving our security practices to meet emerging threats
- Adopting new technologies to enhance our security posture
- Regularly reviewing and updating security policies and procedures
- Maintaining transparency with our customers about our security measures
Contact Us
If you have questions or need more information about our security practices, please contact us at:
This security statement was last updated on [Insert Date]. We regularly review and update this statement to reflect changes in our security practices and capabilities.