DATA SECURITY AND COMPLIANCE

Our Data Security Policies and Procedures

We are acutely aware of how crucial it is to protect personally identifiable information. Here is an overview of the comprehensive policies and procedures we have established to safeguard you and your clients.

FAQ

Data Centers

Alpineyards Technologies (AYT) hosts and manages its physical infrastructure within Microsoft Azure’s secure data centers, leveraging Microsoft Azure technology. Microsoft Azure continuously manages risk and conducts regular assessments to ensure compliance with industry standards. The operations of Microsoft Azure data centers are accredited under:

  • ISO 27001, ISO 27017, ISO 27018
  • SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3
  • PCI DSS Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)
  • SEC Rule 17a-4(f)

For more details, please refer to: Microsoft Azure Cloud Compliance

PCI

We utilize PCI-compliant payment processor Stripe for secure encryption and processing of credit card payments. AYT’s infrastructure provider maintains PCI Level 1 compliance.

Physical Security

AYT employs ISO 27001 and FISMA-certified data centers managed by Microsoft Azure. Microsoft Azure brings extensive experience in designing, building, and operating large-scale data centers to the Azure platform. These data centers are located in nondescript facilities, featuring robust setback and military-grade perimeter control berms, along with other natural boundary protections. Physical access is stringently controlled at both the perimeter and building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized personnel must pass two-factor authentication at least three times to access data center floors. All visitors and contractors must present identification and are continuously escorted by authorized staff.

Microsoft Azure grants data center access and information only to employees with a legitimate business need. If an employee no longer requires these privileges, their access is promptly revoked, even if they remain employed by Microsoft or Microsoft Azure. All physical and electronic access by Microsoft Azure employees is logged and routinely audited.

For further details, see: Microsoft Azure Cloud Security

Data Security

Data in Transit

  • All data transmission between your computer and our servers is encrypted using the industry-standard HTTPS protocol.
  • Our HTTPS implementation has received an A rating from the independent Qualys SSL Labs.
  • We employ 2048-bit asymmetric and 256-bit symmetric encryption for our SSL certificate.
  • We enforce HTTP Strict Transport Security (HSTS), which is recognized by Google Chrome, Safari, IE 11, Edge, and Firefox, to ensure only secure connections to our website.
  • Our servers utilize Perfect Forward Secrecy (PFS) to safeguard data transmission for modern web browsers, ensuring past communications remain confidential even if a long-term secret key is compromised.

Data at Rest

All personally identifiable information, including your name, email, address, and uploaded documents, is encrypted when stored. This data is encrypted using the Advanced Encryption Standard 256 (AES-256) algorithm, which is established by the National Institute of Standards and Technology (NIST) and approved by the NSA for top-secret information.

Environmental Safeguards

Fire Detection and Suppression

Automatic fire detection and suppression systems are installed to minimize risk. These systems use smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms, and generator equipment rooms. These areas are protected by wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.

Power

Data center electrical power systems are designed to be fully redundant and maintainable without impacting operations, 24/7. Uninterruptible Power Supply (UPS) units provide backup power in the event of an electrical failure for critical and essential loads. Data centers utilize generators to provide backup power for the entire facility.

Climate and Temperature Control

Climate control is essential for maintaining optimal operating temperatures for servers and other hardware, preventing overheating and service outages. Data centers are conditioned to maintain appropriate atmospheric conditions, with monitoring systems and personnel ensuring temperature and humidity levels are maintained.

Management

Data center staff monitor electrical, mechanical, and life support systems and equipment, enabling immediate identification of issues. Preventative maintenance is performed to ensure the continued operability of equipment.

Disaster Recovery

AYT replicates customer data to at least two different locations at any given time to safeguard against failure or local disasters. The AYT platform is designed for stability and scalability, inherently mitigating common issues that lead to outages while maintaining recovery capabilities. Our platform maintains redundancy to prevent single points of failure, replaces failed components, and utilizes multiple data centers designed for resiliency. In the event of an outage, the platform is deployed across multiple data centers using current system images, and data is restored from backups. AYT reviews platform issues to understand root causes and customer impacts, and to improve the platform and processes.

Network Security

Firewalls

Firewalls are used to restrict access to systems from external networks and internally between systems. By default, all access is denied, and only explicitly allowed ports and protocols are permitted based on business needs. Each system is assigned to a firewall security group based on its function, ensuring access is limited to necessary ports and protocols to mitigate risk.

Host-based firewalls further restrict customer applications from establishing localhost connections over the loopback network interface, isolating customer applications. They also provide the capability to limit inbound and outbound connections as necessary.

DDoS Mitigation

Our infrastructure employs DDoS mitigation techniques, including TCP SYN cookies and connection rate limiting, alongside maintaining multiple backbone connections and internal bandwidth capacity that exceeds Internet carrier-supplied bandwidth. We collaborate closely with our providers to respond swiftly to events and enable advanced DDoS mitigation controls when required.

Spoofing and Sniffing Protections

Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts. Packet sniffing is prevented by infrastructure, including the hypervisor, which does not deliver traffic to an interface it is not addressed to. AYT utilizes application isolation, operating system restrictions, and encrypted connections to further mitigate risk at all levels.

Port Scanning

Port scanning is prohibited, and every reported instance is investigated by our infrastructure provider. Detected port scans are stopped, and access is blocked.

© 2024 ALPINEYARDS PTE. LTD. (UEN 202413317D) AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED.