This overview outlines the security measures we’ve put in place to protect your information when you’re using Sprintax.
We encrypt the files that you store on Sprintax using the AES-256 standard, which is the same encryption standard used by banks to secure customer data. Encryption is applied after data is uploaded, and we manage the encryption keys.
We store data in several large-scale data centers with restricted external access to the server environments. All staff members are carefully screened before being allowed physical access to any of the server environments. Personal access is further restricted by tight access controls within the server environments.
Our data centers are marked as restricted zones. Relevant policies are in place to ensure that nobody except authorized personnel can access them. In the event that an external party needs to access a data centre they are accompanied at all times by a System Administrator.
As we deal with sensitive information, we place the highest priority on ensuring that our data is securely stored, transmitted and disposed of as required. We use a number of methods of encryption for data storage and transmission including:
- RSA Public/Private key Encryption
- AES256 Symmetrical Encryption
- Digital Certificate (SSL) Encryption
- SSH File Transfer Protocol (SFTP)
Secure data disposal has always been handled in-house. The procedure for secure data disposal is based on US DoD 5220.22-M: National Industrial Security Program Operating Manual (NISPOM) and in particular the DSS Clearing and Sanitization Matrix.
Your data is sent from Sprintax’s desktop clients to our servers over a secure channel using 256-bit SSL (Secure Sockets Layer) encryption, the standard for secure Internet network connections.
We have developed comprehensive plans for disaster recovery and business continuity in the event of a disaster.
We are using fully redundant and fault tolerant server environments. All power to our data centers and critical equipment is backed up by un-interruptible power supplies. Diesel generators have been installed in the main data centers which further increase the resilience of the power supplies.
In addition, full and incremental backups are scheduled to ensure the availability of data in case of a disaster. Data backups are replicated between the main data centers as well as in off-site hosting. Our IT department has ensured that the security of off-site backups is in line with all internal security policies.