As a leading provider of enterprise consent and preference management solutions, we understand how important it is to protect our customers' data. Just as we go to great lengths to protect our clients' privacy, we do the same to protect their data and provide a high level of system performance and reliability. We protect your data by implementing and following a strict protocol of security and compliance measures.
PossibleNOW’s Data Centers: Our highly secure data centers are hosted at QTS facilities with extensive physical and virtual safeguards in place.
Data Security Certifications and Policies: Our policies and practices are designed to provide our customers with peace of mind for regulatory compliance.
PossibleNOW understands that the confidentiality, integrity, security and availability of our customers' information are vital to their business operations and our own success. We have stringent standards and processes in place to ensure data safety and integrity while maintaining a high level of performance.
PossibleNOW's services are hosted on dedicated platforms at highly secure data centers. We have a data center in Suwanee, Georgia and another in Irving, Texas (view links for data center specifications and details).
Highlights of the access security measures in place include:
Many of the additional security measures in place at the Suwanee, Georgia and Irving, Texas data centers are proprietary and confidential. To view QTS’s stated security measures, visit their site here. The following provides a high-level description of some of the additional security measures in place.
PossibleNOW's Data Center is monitored by CCTV on a 24/7/365 basis and has a private security force. There are no personal computers in the data storage area, only servers which are housed in a secure private cage. Any hardware brought into or removed from the data center is tracked and records are kept by Data Center Services (Quality Technology Services, the data center owner) and PossibleNOW's facilities manager. PossibleNOW's data center uses an environmentally-friendly power supply system that incorporates a steady stream of power from the local utility company and back-up power using constant power supply (CPS) and diesel generators. With the CPS system, there is no need for battery-powered UPS units.
PossibleNOW offers SSL for secure HTTP connections between a customer's computer and our servers in the data center. Any data that is sent encrypted remains encrypted. Additionally, intruder detection as well as fire detection and suppression systems are in place. Server, firewall, and critical system logs are reviewed, at a minimum, on a daily basis.
All customer data is stored in secure QTS data centers and is replicated over secure links to a disaster recovery data center. This design provides the ability to rapidly restore application services in the event of an outage or loss of a primary data center.
PossibleNOW's network components and servers use a redundant configuration to help ensure availability. All customer data is backed up daily with incremental backups made hourly. Backups are made to disk and disks are archived monthly off-site by Iron Mountain in their secure facility.
PossibleNOW's Systems Department is charged with securing all network resources, both centralized and decentralized, and has the responsibility and authority to monitor network traffic to confirm that security practices and controls are adhered to and are effective. All security monitoring shall be executed in accordance with PossibleNOW Information Security policies. PossibleNOW maintains certain privacy and security certifications as well as policies that apply to all information handling processes.
PossibleNOW recognizes that our customers are subject to laws that govern the handling of personal information. As such, we seek to maintain compliance with such laws by providing a comprehensive privacy and security program that includes certifications, policies, practices, people, and technology.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card companies. The standard was created to increase controls around cardholder data to reduce credit card fraud. PossibleNOW does not specifically store, process and/or transmit cardholder data as a part of our business transactions but we have chosen to maintain a certification with PCI DSS.
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance. Covered entities (anyone providing treatment, payment, and operations in healthcare) and business associates (anyone who has access to patient information and provides support in treatment, payment, or operations) must meet HIPAA Compliance. Other entities, such as subcontractors and any other related business associates, must also comply. PossibleNOW does not specifically store, process and/or transmit patient data as a part of our business transactions but we have chosen to maintain our environment in compliance with HIPAA standards.
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. As an entity operating in global markets, PossibleNOW and its Subsidiaries receive personal data from EU or Swiss individuals. PossibleNOW and its Subsidiaries are Privacy Shield certified to confirm their commitment to complying with the Privacy Shield principles.
PossibleNOW’s comprehensive privacy and security program includes communicating with personnel and customers about current issues and best practices.
Upon hiring, each employee undergoes training on PossibleNOW's Information and Data Security policies and must sign a statement that they have received such training. Updates to the Information and Data Security training are conducted as necessary throughout the employee's tenure at PossibleNOW.
PossibleNOW strongly encourages all customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks. PossibleNOW contacts customer administrators about specific security issues when warranted. Additionally, all PossibleNOW personnel are required to follow PossibleNOW's confidentiality, privacy, and information security policies.