NETRIO’s Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.
We are in the process of achieving a SOC2 Type II attestation. Once achieved, we will make our SOC2 Type II report available on this page for download.
Our security controls are based on the following foundational principles:
|Data Access is segregated securely by customer within our Information Systems and our established processes.||Zero Trust Security is employed internally using an ‘Allow Listing’ approach, and Network Storage Controls and Data Access Controls are in place to prevent Data Exfiltration.|
|Security Awareness Training is required for all staff members to prevent human actions from creating security incidents and/or events. In the event that something like this does occur, our network monitoring and automation tools have immediate host isolation capabilities.||Security by design: only specific roles within the organization have access to the data they need to see in order to perform their responsibilities.|
|Data Storage is governed by electronic policy, and data is encrypted at rest and in transit in all communications.||Password Management is handled by an industry-leading commercial software provider and governed by policy, procedure, and stringent password complexity, expiration, rotation and archival policies.|
|Endpoint Protection is mandatory, and all corporate devices are equipped with state-of-the-art Endpoint Protection, Threat Hunting, and Managed Security Software for the ultimate in security protection.||Email Security is treated as an extension of our internal data security policies. NETRIO employs the latest email filtering technology to best protect our clients and staff members from email-borne threats.|
|Network Security is at the core of the NETRIO network design, architecture and management. We utilize enterprise-class security solutions from vendors such as Fortinet, AlienVault, and others.||Identity and Access Management is centrally managed through an industry leader in Multi-Factor Authentication (MFA) to ensure user identity verification occurs at every entrance into our systems.|
|Cloud Security management is treated as an extension of our internal security measures. By using policy-based enforcement, we are able to enforce the same standards around security controls both internally and in the cloud.||SaaS Security: like many other organizations today, we rely on Software as a Service providers for many of our data processing requirements. We demand, audit, and maintain the same proper security policies and controls in those environments as we do in our internal tools.|
|Vulnerability Assessments are performed on a daily, weekly, and monthly basis to ensure our configurations are properly protected and don’t represent risk to the various endpoints we use to conduct business.||Incident Response programs ensure that in the event of a security incident, we have the policies and procedures in place to handle it swiftly and appropriately, while notifying affected parties that the incident occurred.|
For any questions or concerns about NETRIO’s Security and/or Information Security Policies, please feel free to reach out to us on our Contact Page for more information.
Last Update: 5/3/2023