ADA Platform Technology (ADAPT) Security Policy
ADAPT is committed to providing best-in-class document automation solutions for estate planning practices and small businesses. In support of this commitment, ADAPT has developed information security risk management policies to reasonably ensure the confidentiality, integrity, and availability of the data that you upload to our services. This data security statement (the “Statement”) describes some of the security controls that ADAPT has implemented pursuant to those policies.
ADAPT follows best practices in managing all user sessions with our document assembly solution. This means that once a user has logged in, all interaction between ADAPT and your browser is encrypted and transmitted via SSL (secure sockets layer), which is the standard protocol for secure communication over the web. Also, your data is encrypted when it is stored on our servers. This means that, in the unlikely event that an intruder is able to gain access to our databases, they would still not be able to view or retrieve any of your data in a usable form.
ADAPT believes it is crucial that any web application be regularly assessed for vulnerabilities and any vulnerabilities be remediated prior to production deployment. For that reason, ADAPT regularly uses IBM’s Security Analyzer application in order to thoroughly analyze the ADAPT cloud solution for security vulnerabilities.
I. Our Technical Infrastructure
The infrastructure that ADAPT uses to host Your Data is provided by carefully selected third party service providers.
In some cases, the Data that you submit to the ADA Platform Technology Service is stored in a primary data center and is replicated in near-real-time to a secondary data center. The secondary data center is provisioned with sufficient computational, network, and storage resources to replace the functionality of the primary data center, and restore the ADA Platform Technology Service if required.
The secondary data center is geographically remote from the primary data centers.
II. Vendor Risk Management
In cases where ADA Platform Technology engages third party colocation service providers and infrastructure service providers (the “Data Center Providers”), ADA Platform Technology ensures that those Data Center Providers have recently completed a Service Organization Controls (SOC) 2 Type II audit. Additionally, those third parties are contractually obligated to maintain the confidentiality of Your Data to the fullest extent allowed by applicable law.
III. Technical Security Controls
ADA Platform Technology maintains at least the following technical security controls and policies:
- ADAPT-authored software applications and IT systems are regularly scanned/monitored for vulnerabilities.
- Known exploitable vulnerabilities in ADAPT-authored software applications and IT systems are patched expeditiously.
- External points of connectivity in the ADAPT application architecture are protected by firewall(s).
- Network and database activity is logged and actively monitored for potential security events including intrusion.
- ADAPT user passwords are stored in a one-way hash.
IV. Administrative Security Controls
ADAPT and its contractors maintain at least the following administrative security controls and policies:
- Physical and logical access to IT systems that process Your Data is limited to those officially authorized persons with an identified need for such access.
- ADA Platform Technology conducts pre-employment background checks to help ensure employee reliability.
V. Physical Security Controls
- Access to the Data Center Providers’ data center facilities is restricted to authorized personnel only.
- The Data Center Providers’ data center facilities are secured by professional security guards.
- A physical access control system (ID card and/or biometric) has been implemented at entry and exit points of the Data Center Providers’ data center facilities.
- All visitors must be escorted by an employee of the Data Center Providers or, in some cases, a permanent badge-holder at all times when visiting the Data Center Providers’ data center facilities.
VI. Availability and Disaster Resistance
- The Data Center Providers’ data center facilities are designed, built, and maintained to withstand reasonably foreseeable adverse weather and other natural conditions.
- Processing capacity is monitored on a daily basis.
- The Data Center Providers have installed and maintain at least the following environmental protections:
  - Cooling systems
  - Battery-powered backup electrical supply and/or backup electrical generators
  - Redundant communications lines
  - Smoke/fire detectors
  - Automatic fire suppression systems
- The status of environmental protections is continuously monitored by the Data Center Providers.
- Environmental protections are tested and maintained regularly by the Data Center Providers.
VII. Availability and Disaster Recovery
ADAPT has implemented a disaster recovery plan, which will be regularly tested. The IT systems architecture of the ADA Platform Technology Service includes redundant backups of critical hardware and software components.