Email Data Security

Savicom takes data security seriously, and we implement comprehensive email data security policies and technologies, including:

Physical security and data protection:

  • Physical access to the computers hosting data is controlled by 24 hour security
  • The computers hosting the data are housed in a key-locked "cage" in an off-site facility
  • Access to the computers hosting the customer data is strictly limited to an access control list
  • Photo ID and biometric identification required to access facility housing computers that host customer data
  • RFID Technology-based key cards required to enter all company facilities
  • Temperature is controlled in the off-site facility to prevent system failures that could compromise data
ASP/ESP application security:
  • The data transmission channel is strongly (128 bit) encrypted with SSL
  • Data read/write access is controlled by a first-level login and password
  • Data download access is controlled by a second/higher level login and password
  • Password policy insures strong passwords are used throughout the application
  • All passwords are one-way encrypted when created or changed
  • Passwords are never stored, emailed, displayed or decrypted in clear text
  • All data records are encoded within a custom database and are only readable by custom software
  • All users have a unique, sand-boxed database. Different user data are never commingled in the same database
  • Data entering and exiting the system by the user may optionally be PGP public/private key pair encrypted
  • Data is stored on systems that employ hardware RAID(1+0)
  • Automated data integrity checks are run on customer data on a regular basis
  • Internal server access is controlled with a PKI-based cryptographic key system
Administrative, network and procedural security:
  • All network traffic into and out of the ASP network is filtered by stateful inspection firewalls
  • System / network architecture does not allow direct shell access to any ASP system from outside of the companies network
  • System / network architecture closes all non-essential ports on all ASP systems in general, and on the systems hosting customer data in particular
  • All systems are monitored 24:7 and alerts are sent immediately upon any system failure
  • All customer data is backed-up daily on a five-day rolling cycle to a second hardware system
  • All customer data is backed up daily to a third, off-site location in another state
  • All employee PC's run current virus and spyware protection SW
  • Savicom employees do not have direct access to CD, DVD, or tape archiving systems
  • All Savicom employees have passed criminal background checks
  • An intrusion detection system (IDS) monitors and logs all network traffic

Email data security is a fundamental capability provided in all of Savicom's products and services.

See the complete list of Savicom features and capabilities for all of Savicom's solutions.




Questions about Savicom's features and capabilities?