SYSTEM AVAILABILITY AND SECURITY
WESTAF takes pride in, and works diligently to ensure, industry-leading system availability and security. The ZAPP® system is built with the level of redundancy needed to eliminate any single point of failure. We host ZAPP® on a highly secure, multi-tier architecture deployed in a clustered, multi-region cloud environment. The system includes intrusion detection services that combine proactive and reactive network security controls to maintain regulatory compliance, including the Payment Card Industry Data Security Standard (PCI DSS). Firewalls and intrusion detection systems protect the network. Multiple redundant, load-balanced web servers service requests to the system. Data is stored in current cloud-based storage services and replicated across multiple data centers. The system is continually monitored for availability, reliability, and integrity. ZAPP® uses SSL/TLS encryption to secure all account access to all services.
To ensure maximum protection of client data, WESTAF supports all three areas of data security: physical security, operational security, and system security. Physical security includes locking down and logging all physical access to servers at our data center; operational security refers to business processes that follow security best practices to maintain tight security and limit access to confidential information over time; and system security involves locking down customer systems from the inside, starting with hardened operating systems and up-to-date patching.
Physical Security: Controls at Amazon Web Services Data Centers
- Data center access limited to data center technicians
- Biometric scanning for controlled data center access
- Security camera monitoring at all data center locations
- 24/7 onsite staff providing additional protection against unauthorized entry
- Unmarked facilities to help maintain a low profile
- Physical security audited by an independent firm
System Security
- System installation using a hardened OS with regular security patches
- System patching configured to provide ongoing protection from exploits
- Data encrypted at rest in the database and on the filesystem drives
- Data encrypted in transit using TLS 1.2+
- Dedicated firewall and VPN services to block unauthorized system access
- Data protection with managed, incremental backups throughout the day for all data; at least 10 incremental copies of all data at any point in time, held in multiple physical locations
- Dedicated intrusion detection devices providing an additional layer of protection against unauthorized system access
- Distributed denial of service (DDoS) mitigation services
Operational Security
- All employees trained on documented information security and privacy procedures
- Access to confidential information restricted to authorized individuals only, according to documented processes
- System access logged and tracked for auditing purposes
- Secure document-destruction policies for all sensitive information
- Fully documented change-management procedures
- Independently audited disaster recovery and business continuity plans in place for server headquarters and support services
- Best practices used in the random generation of passwords for access to cloud instances and accounts
- All passwords encrypted during transmission and while in storage
- Secure media handling and destruction procedures for all customer data
- PCI compliance as a Level 3 merchant, with an annual SAQ-A and quarterly compliance scans performed by a third-party firm
WESTAF prides itself on its robust security and data recovery policies. Redundancy, reliability, and security are the primary features WESTAF considers in designing and implementing security for hosted systems. WESTAF maintains enterprise-level server capabilities and manages a PCI compliance program that keeps the organization's major web systems continuously compliant.