COMPLIANCE & SECURITY

 

ITM TwentyFirst understands that the security and availability of our customers' data is vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes to meet the growing demands and challenges of security.

Availability

Our system is housed in a Tier 4 Data Center with full physical security and redundant power, cooling and networks with 24/7 monitoring. We backup critical data in real time onsite and store an encrypted backup daily at multiple data centers to prevent data loss and maintain data integrity. We regularly test and improve our backup and disaster recovery plans to reduce potential downtime in case of an emergency.

Network Security

Our network security incorporates several layers to protect from external threats, segregate internal traffic and protect against application specific threats. We have intrusion detection alerts logged to a dedicated security event management system with 24/7 monitoring.

Confidentiality

In addition to our commitment to keep our systems secure, ITM TwentyFirst has adopted and implemented data privacy and security policies designed to maintain the confidentiality of sensitive information. Our employees complete ongoing compliance training covering U.S. data privacy and protection, phishing, information security, and HIPAA privacy and security intended to keep our employees up to date with the latest practices and regulations.

Third-party Testing and Assessments

Knowing that even the best procedures and systems could have a weakness, ITM TwentyFirst regularly uses third parties to test and audit our security controls. We conduct monthly network security assessments and annual third party application security reviews and penetration tests. On an annual basis, ITM TwentyFirst obtains an independent third party validation of our system and practices as part of an annual SSAE-18 SOC 2 audit.