ANCHOR places the highest priority on the security of our client’s data and has completed a Type 2 SOC 2 examination. The Type 2 SOC 2 examination was performed under AT-C section 105 and AT-C section 205 in accordance with attestation standards established by the American Institute of Certified Public Accountants.
Processing Overview
- Clients upload files through our web site, which uses SSL (2048-bit) encryption. Uploaded files are stored in the FTP/SFTP server. Newly created jobs are assigned a unique ANCHOR Job ID number. Clients only have permissions to view/access their own jobs.
- Upon job completion, another automated QC check is done to identify, if any, problems occurred during processing. If any severe errors are identified, the job may be put on hold and notifications are sent to ANCHOR personnel.
- The ATS server then moves the output file back to the FTP site (and encrypts the file if the client opted for PG encryption), and notifies the client that the job is ready for pickup. All output is PKZIP compressed (even if PGP(256 bit) was used). Report files are included in the .ZIP file with the output data file. No printed versions of client output reports are created.
- All intermediate files are removed from the workstation and the ATS server.
- The client can securely download the output of the job through our web site (transfers are SSL (2048-bit) encrypted).
- Client data will remain on the FTP/SFTP server for up to 10 days and in an archived area for a maximum of thirty (30) days (unless otherwise specified by the client) at which time it will be deleted.
- All processing is done in a secured processing center with limited access (biometric fingerprint scanners) to authorized personnel. Normal processing submitted through our web page does not require human intervention unless problems arise (corrupted input files, incorrectly formatted files, etc.)
Disaster Recovery
If a natural disaster occurs that prevents ANCHOR from continuing its normal processing function for its clients, a pre-defined contingency plan (disaster recovery plan) for backup processing will be implemented. The plan consists of preventive measures, data security, and Communication fail-over, Warm-site procedures for clients requiring batch processing, Hot-site replication for Web clients, training, and insurance.
ANCHOR Firewall and Intrusion Detection System
ANCHOR employs a fully redundant High Availability firewall system that is a SAS 70 Type II audited solution.
The firewall system provides protection to minimize vulnerabilities and enforce a consistent, company wide security policy by providing the following features:
- 24/7 Monitoring and Response
- Incident Alert Notification
- Incident Reports
- Stateful Packet Inspection
- Access Control Policies
- Network Address Translation
- Prevention of IP Spoofing, ICMP floods, TCP SYN Flood and Smurf attacks.
The Intrusion Detection and Prevention System extend the capability of the firewall system to include the following increased security:
Physical Security
ANCHOR maintains central station monitoring with a direct link to local fire and police departments. The Data Center facilities have been specifically designed for physical security, ensuring that your data is protected. Data Center entry is restricted by the use of Biometric readers. Access to the core data center is permitted only to authorized personnel or individuals escorted by our Data Center operations management and security staff.
General building access to office personnel or data center facilities is monitored by a combination of thirty-two surveillance cameras and motion detectors. After-hours access to the building facilities is also recorded, logged and monitored.