OSG views data security as a critical component of our business. We recognize the importance security plays within all organizations today; therefore, we have made security a key element and focal point in the solutions we provide to our clients. OSG has made significant investments in our facilities, technologies and the people required to meet the strictest security standards. Providing data services to tightly regulated industries in the healthcare and financial markets has allowed OSG to become a market leader in the secure management of sensitive data.
We provide a secure building with security controls at every entry point. Once inside our facility, a security card access system controls which areas employees may or may not enter depending on their individual security clearance. Cameras are positioned throughout the facility monitoring activity from multiple viewpoints. All movement is monitored, recorded and retained using camera and security access recorders.
All business-critical servers operate from within our secured computer room. We utilize the latest technologies in gas fire suppression, redundant cooling systems, and temperature monitoring services. Electrical power is maintained with battery-backed Uninterruptible Power Systems (UPS). OSG owns and operates an onsite diesel generator system. The generator provides substantial electrical power, supporting our entire facility for an extended period in the event of a major power outage.
Telecommunication and internet services are delivered through multiple telecommunications providers and circuits. Our telecommunication providers feed multiple entry points at different ends of our facility. This design provides both flexibility and fault tolerance in our telecommunication capabilities. Our facility has been carefully architected to be both secure and fault tolerant.
OSG performs background checks on all new hires. Additionally, we perform drug testing and other background testing as required for special high-security projects. Employees receive ongoing security awareness training as well as specialized security training in their respective work areas. OSG requires employees to adhere to formal security policies and procedures, which are documented and supported by OSG management.
Our computers and Microsoft Active Directory network are tightly managed and controlled. We employ our own IT staff, available 24x7 to manage and quickly respond to any issue that could arise. Some of the required security controls include hardened servers, multi-tiered firewalls, DMZ configurations, Intrusion Detection Systems (IDS), and automatically updated antivirus engines running on both servers and workstations. We work to provide the highest level of security and protection for all data residing on our systems.
Users have access only to the data for which they are responsible. The network and workstations require complex passwords to gain access. Passwords are routinely changed. OSG promotes using current software and new version updates once they have been tested and proven reliable. Utilizing the latest hardware and software technologies allows us to meet the strictest security measures.
We understand our business partners may sometimes require special security solutions to meet their specific needs. OSG supports all leading encryption protocols including government and NSA approved 256-bit AES, PGP, and Triple DES encryption. We support secure VPN, dedicated telecommunication circuits, and secure FTP protocols. In certain cases, we provide dedicated solutions to meet specific needs required by our customers.
Recognizing industry regulations such as the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act, and the Health Insurance Portability and Accountability Act (HIPAA), we understand our clients' need for increased focus on internal controls and security. OSG is committed to providing solutions which meet our clients' security requirements. As part of our commitment, OSG has met SSAE-16 control standards and obtained an SSAE SOC2 Type II certification which confirms the requirements have been met. Additionally, OSG performs formal review and auditing of our company's internal controls and security practices on an ongoing basis. Annually, we perform formal independent third-party security auditing of our security policies, procedures and network. Daily, we review, monitor and manage any critical alerts which occur. Our monitoring systems log and report any alert status immediately to our 24x7 IT staff. Several of our locations process customers' payments. In these locations, we adhere to the PCI standards and have quarterly scans of our servers as part of the PCI program.
Continuous testing and monitoring practices allow us to demonstrate and report our ability to meet and exceed industry best practices. We are committed to providing our valued business partners with a secure data environment, meeting and exceeding their needs.
Disaster recovery (DR) is an area of significant importance to OSG. With multiple facilities throughout the United States, we have positioned OSG to continue our business operations in the event of a disaster. We perform a nightly backup of all production servers. Backup tapes are stored offsite at Iron Mountain in a secure, climate-controlled storage facility designed specifically for this purpose.
All business-critical production equipment and computer systems have been carefully designed with redundancy in place. We have redundant systems ready to take over in the event of a primary system failure. Redundant equipment provides OSG and our partners the highest level of fault tolerance possible. OSG also has been a leader in the use of virtual server technology. Virtual servers provide additional solutions where high availability is required.