• TSG maintains security incident management policies and procedures, including detailed security incident escalation procedures. TSG will promptly notify Clients in the event TSG becomes aware of an actual or reasonably suspected unauthorized disclosure of Client data.

• TSG has an access system that control access to the data center, including dual factor authentication requirements (badge swipe and PIN). Only authorized personnel have access to the data center.
• The facility is designed to withstand adverse weather and other reasonably predictable natural conditions and is secured by around the clock security guards. All employees are issued and must clearly display an employee badge while in the facility. Access to the facility is by badge swipe for both entry and exit. Logs are maintained to record employee activity. The facility houses CCTV which runs 24/7 and encompasses all areas of the facility including all entry and exit points.
• Visitors to the facility must sign in and present a valid photo ID in order to obtain a visitor’s badge. Visitors are required to clearly display badge at all time while in the facility and must be escorted while on the premises.

• TSG’s primary data center is on premises allowing for quick access. In addition, it is a tier 3 facility with fire suppressant equipment, raised floors, multiple power and cooling systems, as well as redundant circuits and equipment. In addition, a battery backup and generator are configured to maintain system functionality in the event of a power outage.

• All networking components are configured to be redundant and servers and applications run on a virtualized environment to provide flexibility and maximum uptime.

• TSG maintains a complete Business Continuity/Disaster Recovery program which is tested at least annually

• TSG utilizes industry accepted encryption products to protect Client data and communications during transmission and at rest between the Clients network and TSG, including minimum 256-bit SSL certification.

• TSG maintains a comprehensive change management program associated with all IT and development related initiatives as well as all policy and procedural updates and revisions.

• All employees are fully vetted prior to hire and are required to undergo a background check, drug screening and credit report review. Background checks are required to be performed annually.
• All employees complete and sign a confidentiality agreement and are required to undergo privacy and security training and testing at time of hire and annually thereafter. Employees undergo pre-employment evaluation related to job specific functions as part of the vetting process.

The StoneHill Group is committed to thorough, sound and secure internal and external IT processes and exceeding industry quality control standards.