S.A.F.E. Security Auditing
Because we work with Fortune 500 brands, we have complex information systems and technologies. Building trust and confidence in that infrastructure is critical for service organizations like Alta Resources.
Whether we’re processing a brand’s online payments or fulfilling its outbound shipments, we must harbor the ultimate in security, privacy and confidentiality across information technology, facilities and more. And that calls for a S.A.F.E. environment, in which we invest nearly $1 million annually. That’s a serious commitment to safety, security and reliability.
Security Auditing, Securing Our Future Environment
Securing Alta’s Future Environment is an initiative to ensure that our physical, software, hardware and network security is top of the line. Whereas PCI compliance governs the subset of data pertaining to financials and payments, S.A.F.E. secures other highly sensitive client and consumer information, including what is stored and transmitted across email and CRM systems, Web servers, etc. That calls for meeting a variety of agency and security-auditing standards:
- Personally identifiable information (PII)
- Personal health information (PHI)
- U.S. Food and Drug Administration (FDA)
- Health Information Technology for Economic and Clinical Health (HITECH) Act
- Health Insurance Portability and Accountability Act (HIPAA)
- The Trust Services Principles, which are governed by the American Institute of Certified Public Accountants (AICPA) and are documented in a report called Service Organization Controls (SOC)
Audits are the responsibility of our industry-certified security officer and Governance Board, who together review security standards on an ongoing basis. Included in the process is complying with the required security-auditing documentation, then facilitating on-site audits that often include system detection, maintenance and reports.
Passing an audit requires a variety of checkpoints across online and offline security. For example, we must be physically secure, having in place badge readers; access-controlled facilities; password-protected workstations; document best practices; and a variety of initiatives mandated for employees, including strict policies and guidelines. We must also enforce strict Internet permissions, physical encryption, file-sharing protocol, anomaly-detection systems, automated log monitoring and more.
When you combine all those security-auditing standards with our PCI compliance, you could say that we’re redefining what it means to be S.A.F.E.