Data Security


         

Does your print service provider have security controls in place to protect your data files? Shapco recently completed a comprehensive review of procedures designed to assure the highest levels of data security. Undertaken by third-party auditors, the SOC II and SOC III reports include four key areas of review: Processing Integrity, Availability, Confidentiality, and Physical and Network Security. The lengthy auditing process, launched in 2014, scrutinizes the way that Shapco collects, processes, forwards, retains, organizes, maintains, and disposes of client information.

Every day, the media inform us of data breaches within various businesses and enterprises. The average cost per security breach incident for a business is $5.4 million. A breach takes approximately 80 days to detect and 123 days to resolve. The top three reasons for these breaches, according to CSID, a leading provider of identity protection and fraud detection services: 41% are malicious or criminal attacks, 33% are due to human factors such as disclosing passwords, and 26% are the result of system glitches.

For clients requiring a high level of data security, the SOC audit report provides details of our wide ranging data security practices, all carefully designed to protect client data. Shapco is committed to continuing this process by adding the necessary tools to further enhance our data-secured environment in a world of constantly changing threats.

Security related auditing and controls in place:

Logon attempts.
Connection and disconnection from designated resources.
Connection termination. Disabling of accounts.
Opening and closing of files.
Changes made to files.
Creation or deletion of directories.
Directory modification.
Server events and modifications.
Password changes.
Logon parameter changes.
Entry Access System.
Security Camera with 30 day recording.
All visitors & vendors are logged with photo capture.
Offsite Data recovery.
Disabling any removable storage devices.
Scheduled patch management.

Anti-Virus.
Penetration Testing.
GP Policy.
Password Expirations.
Password Protected Screensavers.
Desktop Login Banners.
Security Awareness Training video.
Employee Background Checks.
Secured SFTP Transfers.
Intrusion Prevention System.
State-of-the-art Firewall.
SSL certificate.
Mobile devices policy enforced.
Data Encryption at rest.
Server hardening.
Demilitarized zone.

Please access our SOC III audit report here.