Shape Software Inc. (“Shape” or “Shape Software”) and our affiliates take security very seriously and have developed a comprehensive set of practices, technologies and policies to help ensure your data is secure. This document outlines some of our providers mechanisms and processes we have implemented to help ensure that your data is protected. Our security practices are based on tier of service selected by our customer and are grouped in four different areas: Physical Security; Network Security; People Processes and Redundancy and Business Continuity.
Our providers data-centers are hosted in some of the most secure facilities available.
24x7x365 Security – The data centers that host your data are guarded seven days a week, 24 hours a day, each and every day of the year by private security guards.
Video Monitoring – Each data center is monitored 7x24x365 with night vision cameras.
Controlled Entrance – Access to the data centers is tightly restricted to a small group of pre-authorized personnel.
Biometric Authentication – Two forms of authentication, including a biometric one, must be used together at the same time to enter a data center.
Undisclosed locations – Servers are located inside generic-looking, undisclosed locations that make them less likely to be a target of an attack.
The security team and infrastructure helps protect your data against the most sophisticated electronic attacks. The following is a subset of our network security practices.
SSL Certification – The communication between your computer and providers servers is encrypted. What this means is that even if the information traveling between your computer and our servers were to be intercepted, it would be nearly impossible for anyone to make any sense out of it.
IDS/IPS – Provider network is gated and screened by highly powerful and certified Intrusion Detection / Intrusion Prevention Systems.
Control and Audit – All accesses are controlled and also audited.
Virus Scanning – Servers are scanned for viruses using top of the line up to date virus scan protocols.
Providers data center infrastructure is not just technology, but a disciplined approach to processes. This includes policies about escalation, management, knowledge sharing, risk, as well as the day to day operations.
Access Employees – Only employees with the highest clearance have access to the data center data. Employee access is logged and passwords are strictly regulated. Providers limit access to customer data to only a select few of these employees who need such access to provide support and troubleshooting.
Audits – Audits are regularly performed and improvements made based on those findings.
As-Needed Basis – Accessing data center information as well as customer data is done on an as-needed only basis, and only when approved by management.
The process is designed to protect your data and security even in times of system failures.
Power Redundancy – Providers configure its servers for power redundancy – from power supply to power delivery.
Internet Redundancy – Provider is connected to the world –and you- through multiple Tier-1 ISPs. So if any one fails or experiences a delay, you can still reliably get to your applications and information.
Network Devices – Provider runs on redundant network devices (switches, routers, security gateways) to avoid any single point of failure at any level on the internal network.
Cooling and Temperature – Intense computing resources generate a lot of heat, and thus need to be cooled to guarantee a smooth operation. Provider servers are backed by temperature control systems.
Fire Prevention – The Providers data centers are guarded by industry-standard fire prevention and control systems.
Data Protection & Back-up – User data is backed-up periodically across multiple servers, helping protect the data in the event of hardware failure or disaster.