Host Compliance makes securing your data and systems easy

Protecting your data and services is our top priority, and we go to great lengths to ensure data availability, confidentiality, and integrity. Read on to learn how working with us lets you benefit from the world’s leading cloud and payment technologies without ever having to worry about security, compliance and hardware failures again.


Host your data in the world's most advanced data centers

  • Host Compliance hosts your applications and data on Amazon Web Services (AWS), which provides a highly reliable and scalable infrastructure platform in the cloud
  • AWS is the world's largest data center provider and powers hundreds of thousands of organizations in 190 countries, including government institutions such as the:
    • U.S. Department of State
    • U.S. Department of Energy
    • City of Los Angeles, CA
    • King County/City of Seattle, WA
    • Kansas City, KS
    • Multnomah County/Portland, OR
  • AWS is a secure, durable technology platform with industry-recognized certifications and audits:
    • PCI DSS Level 1, ISO 27001
    • FISMA Moderate
    • FedRAMP
    • HIPAA
    • SOC 1 (formerly referred to as SAS 70 and/or SSAE 16)
    • SOC 2
 

GUARANTEE THE PHYSICAL SECURITY OF YOUR DATA

  • Physical access to our data centers is strictly controlled by professional security staff using a combination of video surveillance, intrusion detection systems, multiple layers of two-factor authentication and other electronic means
  • Only authorized personnel with legitimate business needs are granted access
  • All physical access is logged and audited routinely; all visitors require ID and are escorted by authorized staff
  • AWS maintains and continues to enhance its compliance reports and certifications, including SOC, PCI, ISO and many more

DON'T LET FIRE OR NATURAL DISASTERS STOP YOU FROM SERVING YOUR CITIZENS

  • AWS’ data centers have automatic fire detection and suppression equipment
  • Each data center has fully redundant electrical power systems that are maintainable without impact to operations 24x7 and have UPS and back-up generators in case of electrical failure for critical and essential loads
  • Climate and temperature are precisely controlled by personnel and systems to ensure optimal performance of servers and other hardware
  • All systems and equipment are monitored and receive preventative maintenance to maintain continued operability
 

LET US WORRY ABOUT BUSINESS CONTINUITY SO YOU DON'T HAVE TO

  • All Host Compliance systems are designed to tolerate system or hardware failures with minimal customer impact
  • All core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load balanced to the remaining sites
  • Services are deployed into multiple Availability Zones to ensure that we can continue to function in the event of a temporary loss of a data center
  • Data center Business Continuity Management is handled by a dedicated team under the direction of the Amazon Infrastructure Group, which also runs Amazon.com

Secure all data transmission and sessions to prevent unauthorized access

  • Connection to the Host Compliance products and services environment is through secure socket layer/transport layer security (SSL/TLS), using strong encryption and authentication (TLS 1.2 with SHA256 certificate)
  • All sessions are terminated after 30 minutes of inactivity, or implicitly by a user sign out event
 

REST ASSURED THAT WE ENFORCE STRICT ACCESS CONTROL, PASSWORD SECURITY AND ENCRYPTION STANDARDS SO YOU DON'T HAVE TO

  • World-class password security standards:
    • User IDs and passwords are both set by the user
    • One-time passwords are never used
    • Password strength and a limitation on login attempts are configurable
    • Passwords are encrypted
  • Within the application, both group and role based access rights can be assigned, allowing full control over what a user can see and use
  • Our applications maintain a detailed event log, capturing items such as authentication, failed login attempts, and asset creation, deletion, and modification
  • Servers do not use passwords and require 2048-bit RSA keys for direct access to the box. All keys are unique to individual administrators or service accounts and are not shared.
  • Network level firewalls prevent unauthorized traffic from reaching servers in the data center.
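As an added illustration of the session and access-control policies stated in the two sections above (example code written for this page, not Host Compliance's own), a hypothetical Python login service that enforces the 30-minute inactivity timeout and explicit sign-out, a configurable limit on failed login attempts, and an event log of authentication outcomes. The PBKDF2 password hashing, the default limit of five attempts, and all class and method names are assumptions.

```python
import hashlib, hmac, os, secrets, time

INACTIVITY_TIMEOUT_S = 30 * 60  # page: sessions end after 30 minutes of inactivity


class AuthService:  # hypothetical; names and PBKDF2 choice are assumptions
    def __init__(self, max_attempts=5, timeout_s=INACTIVITY_TIMEOUT_S, clock=time.time):
        self.max_attempts = max_attempts  # the page's configurable login-attempt limit
        self.timeout_s = timeout_s
        self.clock = clock                # injectable so tests can advance time
        # users: id -> (salt, PBKDF2 digest); failures: id -> count; sessions: token -> record
        self.users, self.failures, self.sessions = {}, {}, {}
        self.events = []  # (timestamp, event, user_id): the authentication event log

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, user_id, password):
        salt = os.urandom(16)  # plaintext password is never kept
        self.users[user_id] = (salt, self._hash(password, salt))

    def login(self, user_id, password):
        # Returns a session token, or None on bad credentials or lockout.
        if self.failures.get(user_id, 0) >= self.max_attempts:
            self.events.append((self.clock(), "login_locked_out", user_id))
            return None
        salt, digest = self.users.get(user_id, (b"", b""))  # unknown user fails the same way
        if not hmac.compare_digest(self._hash(password, salt), digest):  # constant-time
            self.failures[user_id] = self.failures.get(user_id, 0) + 1
            self.events.append((self.clock(), "login_failed", user_id))
            return None
        self.failures[user_id] = 0
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": user_id, "last_seen": self.clock()}
        self.events.append((self.clock(), "login_ok", user_id))
        return token

    def touch(self, token):
        # Validates a request's session; expires it if idle longer than timeout_s.
        s = self.sessions.get(token)
        if s is None:
            return None
        if self.clock() - s["last_seen"] > self.timeout_s:
            del self.sessions[token]
            self.events.append((self.clock(), "session_expired", s["user"]))
            return None
        s["last_seen"] = self.clock()
        return s["user"]

    def sign_out(self, token):
        s = self.sessions.pop(token, None)
        if s is not None:
            self.events.append((self.clock(), "sign_out", s["user"]))
```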
 

FEEL CONFIDENT KNOWING OUR DAILY REMOTE BACKUPS WILL ENSURE THAT YOUR DATA STAYS SAFE EVEN IN THE MOST CHALLENGING CIRCUMSTANCES

  • All data is backed up remotely using daily and weekly images
  • Master/slave replication ensures that database backups are hot-swappable
  • Backups and replications are not transported off site, but are stored in different Amazon data centers from the Host Compliance application to ensure that they can be recovered in case of loss of the primary data center
 

SLEEP WELL KNOWING THAT ALL NEW CODE IS CONTINUOUSLY TESTED, INTEGRATED AND REVIEWED TO ENSURE INTEGRITY AND SECURITY

  • Host Compliance uses Continuous Integration (CI), a development practice that requires developers to integrate code into a shared repository several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early
  • All code is tested for security vulnerabilities before release, and we regularly scan our network and systems for vulnerabilities.
  • We engage third-party vulnerability testing to ensure we can pass industry-standard:
    • Application vulnerability threat assessments
    • Network vulnerability threat assessments
    • Selected penetration testing and code review
    • Security control framework review and testing
 

TRUST OUR BANK LEVEL SECURITY TO KEEP YOUR USERS' PAYMENT INFORMATION SAFE

  • All payments received by Host Compliance are processed through a third-party payment processor, Stripe, and Host Compliance NEVER touches or stores any sensitive payment information.
  • Stripe processes payments for more than 100,000 other companies and organizations including Amazon, Target and Unicef.
  • Stripe employs 900 people and has received around $450 million in funding from the world's leading investors including Sequoia Capital, Visa, American Express, Peter Thiel, and Elon Musk
  • Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1:
    • This is the most stringent level of certification available in the payments industry
    • All card numbers captured by Stripe are encrypted on disk with AES-256
    • Decryption keys are stored on separate machines
    • None of Stripe’s internal servers and daemons can obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist
    • Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.)
 

INDUSTRY-LEADING 24/7 SECURITY MONITORING LETS US DETECT THREATS BEFORE THEY BECOME AN ISSUE

  • To identify and manage threats, the Host Compliance, Amazon Web Services and Stripe teams constantly monitor traffic, notifications from various sources and alerts from internal systems:
    • AWS provides us with tools and features that enable us to see exactly what’s happening in your AWS environment
    • Stripe uses a system called Radar to scan every payment using the most relevant signals to help detect and block fraud while
  • Security monitoring tools give us the visibility we need to spot issues before they impact the business, and allow us to constantly improve our security posture and reduce the risk profile of our environment

LEARN MORE ABOUT HOST COMPLIANCE AND AWS' SECURITY SYSTEMS AND PROTOCOLS