How is the data stored? Is it encrypted using a customer supplied key? Can the supplier access the data?

Data is encrypted on the drives. However, the access is to a server and the data is accessible to all users with authenticated access to that server only.

Where is the data stored? Is it in a single data center or replicated elsewhere? How often is it replicated?

Backup is done using Datto technology. Backup is performed every hour and stored for 7 days both onsite for quick access and in the Datto Encrypted Cloud (they use multiple data centers).

The main data is stored in a Primary Data Center and replicated to the Datto Cloud for redundancy. We can spin up any customer in the Datto Cloud if needed.

Can the initial data upload be done only over the internet or by the customer sending media to the data center?

We can accept data either via media (preferred if data is over 10GB) or via the internet.

How can the data be accessed? Can it be accessed using a web browser or is a specific application required?

We use a product called Parallels RAS to access our data center for anyone needing direct desktop support such as Sage, Dynamics, Epicor, and Quickbooks. You can use either a browser (HTML 5 Compatible Browser Required) or the application on Windows, MAC, IOS, and Android.

How is authentication handled to the cloud storage? If we wanted could we do Active Directory based authentication? Is there multi-factor authentication?

We do not support outside Active Directory authentication to our facility. We do, however, support multi-factor authentication if you wish to do so. There is an extra charge for this if you do not have your own authentication service. We currently support Duo. Extra charge of $6.00 per user per month. All hosting customer users must use it.

If a bulk restore is needed, can the data be sent on physical media?

Restores can be requested at any time, however, there is an additional charge for restores to media. We do not provide physical or virtual drives, we only restore files.

Are there additional costs for restores?

There are no additional costs for restores. All our services are managed.

What reporting is in place for access attempts to the data?

We do track login attempts to each Windows server. You may request access logs only with advance notice, and the request requires 24 hours to process.

What system availability SLA is offered?

You can find the Service Level Agreement here.

Is there an information security policy?

Yes, for instance:

  • We do not allow access from outside the United States without specific policy requirements.
  • We do not sell outside the United States at this time.
  • We do not share information with anyone outside of the company.

How is the network secured?

The network is secured by installing and maintaining industry-standard firewall configurations to protect data, and we avoid the use of vendor-supplied passwords and other security defaults. We only allow traffic when it is acceptable to our security policy.

Is there a unique ID for each person with computer access?

Yes. We assign a unique ID to each person with computer access. To access the network, you must be a named user with an email address that is working. We do not allow generic logins for accounts.

Are there regular security tests?

Yes. We test quarterly for security, monthly for backup, and daily for access lists.

How is encryption used?

We protect sensitive data with encryption in transit and at rest. We use SSL High Level Encryption. Access is only through our access software. All transfers are secure.

Is the network regularly monitored and tested?

Yes. Our network is monitored by a state-of-the-art Security Operations Center (SOC) using a 150 point inspection, 24 hours a day, 7 days a week.

Are there strong physical and network access control measures?


Is access to network resources and sensitive data tracked?


Is a vulnerability management program maintained?

Yes. Our network is monitored by a state-of-the-art Security Operations Center (SOC) using a 150 point inspection, 24 hours a day, 7 days a week. This includes vulnerability testing and alerts.

Have measures been implemented to prevent the loss of data?

Yes. We use Datto and offsite replication via Azure.