SAVO understands the concerns customers
face when it comes to protecting data.

To this end, SAVO has made significant investments in key tools, processes
and infrastructure to protect data. SAVO continuously improves our safeguards,
application and processes to meet the new challenges of security.

Certifications and Accreditations:

SSAE 16 SOC1 and SOC2

  • First and ONLY Sales Enablement solution provider to achieve this type of compliance

Truste Certification

  • Leading privacy certification for transparent privacy practices

EU-US Safe Harbor

  • Certified with Department of Commerce Safe Harbor framework

Secure SSL Certificates

  • Symantec-Verisign issued trusted SSL certificates for secure browsing

Secure Data Centers

Our infrastructure is collocated at carrier-class, SSAE 16 Compliant, state-of-the art data centers. These facilities implement:

Access Control and Physical Security

  • 24×7 manned onsite security, including foot patrols and perimeter inspections
  • Ballistic entrances/bullet proof glass
  • Biometric hand readers for identification and access
  • Mantraps for physical security
  • Dedicated concrete-walled data center rooms
  • Computing equipment in locked steel cages
  • Video surveillance throughout facility and perimeter
  • Secure building engineered for local seismic, storm and flood risks
  • Asset removal tracking

Environmental Controls

  • Humidity control and temperature maintenance
  • Redundant (N+1) cooling system

Power

  • Controlled power density and redundant power distribution units (PDUs)
  • Redundant UPS systems
  • N+1 at full load generators with redundant fuel supply

Fire Detection and Suppression

  • VESDA (very early smoke detection apparatus)
  • Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression

Connectivity

  • Built-in carrier access with diverse carrier entrances
  • Redundant internal networks and connectivity
  • N+1 core network equipment infrastructure – switches, firewalls, load balancers
  • Fiber paths into the building
  • High-bandwidth capacity

Secure Transmission and Sessions

  • Verisign signed, high-grade encryption AES 256 SSL certificates for connection to our environment.
  • Individual user sessions identified and re-verified with each transaction, using a unique token created at login
  • Security parameters customized to suit each customer’s password polices.
  • Encryption of all cookies over secure protocol

Network

  • Redundant perimeter firewalls and edge routers block unused protocols
  • Intrusion detection systems monitor and report on unusual traffic
  • Internal access control lists segregate traffic between the application and database tier
  • 24x7x365 network monitoring capabilities provide visibility and early detection

Encryption

  • Encrypted data-in-transit for data traveling across and within systems
  • Encrypted data-at-rest for data stored in SAVO storage systems
  • Encrypted backups for backup tape offsite storage

Internal and Third-Party Testing and Assessments

  • Weekly vulnerability scans of our network by Qualys
  • Quarterly third party independent vulnerability assessment of application
  • Internal QA scanning of application security using third-party tools
  • Regular penetration testing
  • Our information security department monitors notifications from various sources and alerts from internal systems to identify and manage threats

Disaster Recovery and Backups

  • All data is backed up to tape at each data center, on a rotating schedule of incremental and full backups
  • Tapes are encrypted and sent offsite for storage with Iron Mountain
  • Fully configured and available hotsite for disaster recovery
  • Data is replicated and transmitted across encrypted links