AUDI DATA SECURITY POLICY
This section defines the data security policy of AUDI. Our company takes the security and
privacy of our clients and business partners and their data very seriously. To ensure that we are
best protecting our corporate and client data from security breaches, we have created and
executed the following policy.
The major goals of this security policy are as follows:
• To implement the technology and solutions aimed at protecting AUDI clients’ data and all
Personally Identifiable Information (PII) within their systems
• To provide industry-recommended protections that are within our control for the prevention
of data breaches
• To minimize interruptions to AUDI Data Center operations
• To limit the extent of any disruptions to customer operations
1. AUDI Data Center Profile
All of the AUDI software applications hosted in our Level 5 secure data center are implemented
with the technology and security protocols described below.
1.1 General
AUDI provides Managed Hosting Services from a secure data center in Charlotte, North
Carolina. Our facility provider, Peak 10, partners with our AUDI staff to monitor the
performance, readiness and redundancy of our assets 24x7x365 and the center is protected by
security guards and staffed at all times with data center monitoring personnel throughout the
year.
Peak 10 is an SSAE 16 Level II Certified and PCI Certified Data Center. These standards require
strict adherence to control and change control for personnel. Our Security Audit is completed
under SSAE 16 guidelines.
Visitors to our headquarters and Data Centers are required to present valid government-issued
identification, must sign in and present a Peak 10-issued visitor badge, and can only access the
center floor with this magnetic card visitor badge. In addition, they must punch in a valid code
for the cipher lock and pass the biometric thumb print recognition in order to gain access. They
are escorted by authorized personnel at all times, and completion of proper sign-out
procedures is also required. Video monitoring of external entryways is maintained. All servers
are in locked rooms and locked cages.
1.2 Data Center Security
Our Peak 10 facility is engineered with a minimum of five levels of security:
Level 1: Proximity card access with PIN is required to enter the building. (AUDI techs are not
yet in the data center.)
Level 2: Proximity card access with Biometric (fingerprint) scan is required to enter the data
center.
Level 3: All hardware is secured in a locked steel mesh cabinet fitted with combination locks.
Level 4: Video surveillance cameras are placed throughout the facility and monitored by onsite staff 24x7x365.
Level 5: Strategically placed vibration detection devices alert Peak 10 personnel of any motion
in the facility.
1.3 Data Center Redundancy, Physical and Environmental
Redundant ISPs: Our Peak 10 data center is engineered with three Internet Service Providers
(ISPs), each capable of handling the entire Data Center traffic in the event all but one fail. For
Charlotte, the providers are AT&T, Time Warner and XO Communications.
Uninterruptible Power: Each Peak 10 data center is engineered with an uninterruptible power
system and backup generator to deliver seamless power. In the event of a commercial power
failure, our isolated UPS system will provide immediate backup power until our diesel
generators take over the load and continue operation of the center.
Redundant HVAC: Peak 10 utilizes best-in-class environmental units to control and monitor
the temperature and humidity in each data center facility. The redundant HVAC system
maintains the average temperature in each data center at 70 degrees Fahrenheit to ensure a
consistent operating atmosphere for your mission critical technology infrastructure.
Fire Suppression: Peak 10 data centers utilize dry-fire suppression systems that can be
deployed manually, or by a sequence of three failures anywhere in a data center zone. Each Peak
10 facility is also fully equipped with smoke and heat detection sensors as well as fire doors and
handheld gas-based fire extinguishers.
1.4 Intrusion Protection and other Protective Protocols
The following hardware and software solutions are implemented as part of the AUDI Managed
Hosting Services platform at our data center.
Firewall: Our network is protected by a managed, Protect Point Firewall. The Firewall is
managed 24/7 and is redundant to n+2 for each port. The Firewall is equipped with Silver Sky
intrusion detection and threat isolation. Any perceived threat is isolated, blocked and vetted for
authenticity or confirmed threat. Reports are generated for each threat trigger in real time.
Network Intrusion Detection: We utilize 24/7 Host and Network Intrusion
Detection/Prevention Systems (IDS/IPS) at Application, Network and Data Center levels. A
scheduled program for updating attack signatures is maintained, and intrusion/alert logging is
used.
Virus Scanning and Detection: All of our hosted servers are set up and equipped with
continuous virus scanning and scheduled updates to the virus signature files.
Denial-of-Service Prevention: We take commercially reasonable steps to ensure against
denial-of-service outages including the utilization of a leading denial-of-service protection and
mitigation service.
Server Operating Systems: We implement a standard for hardening/securing all of our servers’
operating systems (O/S), including a scheduled program for applying updates, patches and hot
fixes to all server operating systems.
1.5 Strong Password Enforcement
Access to all Managed Hosting Services is controlled by secure password-protected access,
which is administered by our Technical Services Team, who utilize our detailed password policy
and enforce highly secure password protocols at the highest industry-recommended levels of
access security for our systems.
2. AUDI Application and Data Protection
All of the AUDI software applications and solutions have been designed with the proper tools,
features, and industry-standard protocols for protecting the hosted data and PII. Some of these
are described below.
2.1 Encryption
Data is encrypted in transit and at rest via SSL 256-bit digital certificate encryption.
2.2 Passwords
AUDI applications are designed to support strong password protection and policies for the
creation of all user accounts with access to sensitive data.
2.3 Server architecture
All AUDI hosting servers are equipped with dual quad core processors and shadow arrays with
data mirroring.
3. AUDI Application and Data Backup Procedures and Protection
All of the AUDI software applications and solutions running under our Managed Hosting
Services program in our secure data center receive constant monitoring and regular backup
services to protect the system applications and data.
3.1 Backups Performed throughout each Day
Backups of the system “data” are captured periodically throughout each day using Dell
AppAssure.
The O/S configuration is backed up every 12 hours.
The application and application configuration are backed up every 12 hours.
Our system is composed of a hard cluster of servers with options available for servers to have a
redundant virtual server.
Our platforms are N+2 redundant using MS Server 2008 R2 and MS Server 2012 operating
systems with quad core servers and Hyper-V warm virtual servers available to back-up the hard
servers.
3.2 System and Data Monitoring
We utilize a variety of different solutions for monitoring the performance and consistent
operation of all AUDI systems, servers and networks.
The Peak 10 data center provides round-the-clock on-site personnel who monitor the overall
health of the data center power, Internet, operating temperature, physical security of the Data
Center as well as the uptime of all servers within the AUDI server racks. Other support
personnel can be called on 24/7 in the event that additional help is required, either for a
small-scale physical server issue where “hands on” support is required, or to provide help for
large-scale issues where assistance is needed from skilled network engineers.
AUDI maintains a large number of monitoring applications which virtually verify that all
AUDI systems are running properly 24/7 without any issues. If potential problems are discovered
by these applications, our technical services team members are notified immediately by email
and text messages.
Our systems are protected by a Protect Point Firewall. The Firewall is managed 24/7 and is
redundant to n+2 for each port. The Firewall is equipped with Silver Sky intrusion detection and
threat isolation.
Our systems are protected via the utilization of a leading denial-of-service protection and
mitigation service that monitors access to our systems 24/7.
3.3 System and Data Restore and Recovery Procedures
Within our secure data center, we have dedicated physical restore servers available at all times
in place and ready to be used in the event of the need for restoration of system applications
and/or data as part of our standard recovery procedures.
We maintain a fully documented, detailed set of data, system and disaster recovery plans
in-house. These are reviewed and tested regularly to ensure compliance and current viability. Due
to the confidential and sensitive nature of the information contained within these plans they are
not available for dissemination outside of the approved members of AUDI management and the
technical services team.
Audit Procedures
AUDI audits all researchers of public criminal records to ensure quality.
• Frequency depends on the volume of requests submitted to the researcher.
• A known result will be sent to the researcher to test their reliability.
• If a discrepancy is found, the researcher is contacted directly. Both results
(positive and negative) are sent to the researcher to determine the source of the error.
Typically the issue is the spelling of a name or a wrong date of birth. All communication
is documented and placed into a specific folder.
• Depending on the outcome, the relationship with that specific researcher will be terminated or
a plan of action to perform more audits will be determined.