Learning Center
Menu

Security

Security you can trust! SurePrep has developed information security policies and procedures that adhere to the high standards of regulatory requirements such as Gramm-Leach-Bliley, Payment Card Industry and Massachusetts 201 CMR 17.00.

On an annual basis, SurePrep receives a SOC 2 Type 2, an independent service auditor’s report on controls relevant to security, availability, confidentiality and processing integrity set forth in TSP Section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria). This report is typically available in May of the current year.

Logo SOC for Service Organization

SurePrep has developed information security policies and procedures that adhere to the high standards of regulatory requirements such as Gramm-Leach-Bliley, Payment Card Industry and Massachusetts 201 CMR 17.00.

SurePrep’s production servers are managed by SurePrep staff and utilize the IBM, Azure and AWS Public clouds with near limitless scaling capabilities. Cloudflare’s best in class CDN, WAF and DDoS protection is implemented for perimeter defense and global load balancing to enhance performance and our overall security stature. SurePrep utilizes Crowdstrike EDR to ensure the security of our endpoints from malicious software attacks. These systems, as well as our servers and security infrastructure are monitored on a 24/7 basis.

Third Party Vulnerability and Penetration testing is performed mulitple times per year by Whistic. Internal vulnerability testing is performed regularly by the SurePrep InfoSec team.

Security lock

SurePrep’s products are web-based applications built on the Microsoft .NET Framework. Access is restricted to registered users who log in by way of a username/password combination verified on the server side. User passwords are encrypted and a log is maintained of all users that access the system. User authentication can be further limited to client-specified IP ranges. Communications use industry-standard 4096-bit Secure Socket Layer encryption for all data transfers, the same encryption technology used by banks for securing online banking transactions. SurePrep leverages Microsoft’s Azure infrastructure and Amazon Web Services to ensure data security and reliable storage.

Security Cloud

Certifications

SurePrep’s production servers are managed by SurePrep staff and hosted in IBM data centers in Dallas, San Jose and Washington D.C. SurePrep’s implementation of Azure and AWS includes regional services to increase uptime and continuity options. All data centers and cloud services are SOC 2 Type 2 and SSAE 18 certified. SurePrep’s software has been audited, tested and validated by Whistic. The application was found to enforce security controls which support a secure processing solution.

Click here to view SurePrep’s security attestation on Whistic’s website.

security Certificate