POcontrol.com Security Policy

Overview
POcontrol.com provides state-of-the-art security to ensure that your data is safe at all times. We understand that data security is your priority, which is why we have made it our priority. Over the years we have invests significant resources to keep our security infrastructure updated and current.

Physical Security
Our application servers are co-located in a purpose-built facility with 24-hour CCTV and physical security, Boon Edam door entry (airlock type entry), redundant electrical generators, and other back-up equipment required to keep servers continually up and running.

Perimeter Access/Defence
Our majorr network backbone includes 3 connections to separate network service providers. Network perimeters are protected by custom-configured firewalls provided by leading security vendors. POcontrol routinely penetration tests all aspects of the network infrastructure.

User Authentication
Users access POcontrol.com only with a valid username and password combination. These are encrypted using SSL while in transmission. Users' credentials are verified before access to the POcontrol applications is granted.

Application Security
The application security model has been designed to prevent one POcontrol customer from accessing another's data. This security model is applied to every data request and enforced for the entire duration of a user session.

Operating System Security
We enforce tight operating system-level security by using a minimal number of access points to all production servers. All operating system accounts are password protected. All operating systems are maintained at each vendor's recommended patch levels for security. All operating systems are further secured by disabling and/or removing any unnecessary users, protocols and processes.

Database Security
Whenever possible, database access is controlled at the operating system and database connection level for additional security. Access to production databases is limited to a number of points.

Server Management Security
All data entered into the POcontrol application by a customer is owned by that customer. POcontrol employees/representatives do not have direct access to the POcontrol production equipment, except where necessary for system management, maintenance, monitoring, and backups. POcontrol employees/representatives who have access to the production equipment are rigorously background checked.

Data Backup
POcontrol.com applications reside on clustered servers ensuring the highest levels of availability. All customer data is backed up every 16 minutes . Backup files are also transferred electronically to a disaster recovery location every 24 hours.

Disaster Recovery Plan
Our hosting facility has been designed to withstand many foreseeable catastrophic failures such as power outages, contractor mishaps, fire, flood, and theft. The site has power that is supplied on separate feeds entering from different sides of the building. It also has full UPS and generator capabilities in case of a power outage. In the unlikely event of a catastrophic site failure, POcontrol has a comprehensive recovery plan in place. Additional hosting equipment at a separate location is capable of performing all hosting functions in the case of such an emergency, with sufficient capacity for customers until such time as POcontrol's applications can be restored at their original location or at a replacement hardened hosting facility.

Summary
As a service provider our aim is to deliver a best-of-breed security infrastructure comprising of proven, cutting-edge technologies. POcontrol.com delivers the most comprehensive security available, including firewalls and encryption devices sourced from leading Internet security vendors, configured by expert professionals, and rigorously tested before going into production.