Security & Business Continuity
Our clients and suppliers entrust us with the most important information relating to their businesses. The nature of this relationship requires strict security, privacy, and confidentiality policies and procedures. By safeguarding the information we receive and process for our clients, A.B. Data earns their ongoing trust.
A.B. Data has developed a suite of physical, logical, and behavioral security standards intended to fulfill the regulatory needs of our clients in a variety of industries including financial services, insurance, health care, legal, government, nonprofit, and more.
These standards involve strict controls throughout our enterprise including systems, buildings, behavior, and processes. Areas of critical concern covered by our information and physical security policies and practices include:
- System Monitoring and Logging
- Change Management
- Production, Handling, Storage, and Destruction of Client Data and Materials
- Third-Party Data-Hosting Facilities (when applicable)
- Building Interior and Exterior
- Personnel, Visitor, Vendor, and Contractor Access
- Electronic Access Control (ACS) and ID Badges
- Building Visitor Areas
- Closed-Circuit Television (CCTV)
- Intrusion and Fire Alarm System
- Doors, Windows, and Loading Docks
- Incident Reporting
- Business Continuity and Disaster Recovery
COMPLIANCE AND CERTIFICATIONS – A.B. Data maintains a Payment Card Industry Data Security Standards (PCI DSS) certificate of compliance. We are also an SSAE 18 (SOC 1) examined organization. We maintain controls required for consistent quality and to protect Personally Identifiable Information (PII), sensitive data, and highly sensitive data. Further, we hold HIPAA Business Associate Agreements and protect Personal Health Information (PHI) in accordance with HIPAA and HITECH requirements.
A.B. Data is an SOC 1 reviewed company and is frequently subjected to physical, logical, data, and information systems security reviews and audits. We are compliant with our clients’ security standards including the Payment Card Industry (PCI) data security standards; the Gramm-Leach-Bliley (GLB) Act of 1999; the National Association of Insurance Commissioners (NAIC) Regulations; the Health Insurance Portability and Accountability Act (HIPAA) of 1996; and the Health Information Technology for Economic and Clinical Health Act (HITECH).