In August of 2019 SurePrep received a SOC 2 Type 1 report, an independent service auditor’s report on controls relevant to security, availability, confidentiality and processing integrity set forth in TSP Section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).
SurePrep has developed information security policies and procedures that adhere to the high standards of regulatory requirements such as Gramm-Leach-Bliley, Payment Card Industry and Massachusetts 201 CMR 17.00.
SurePrep’s production servers are managed by SurePrep staff and hosted by IBM at data centers in Dallas, San Jose and Washington D.C. Our servers and firewalls are monitored on a 24/7 basis. Performance reports are generated to assure maximum operational availability. Citrix NetScaler load balancing is in place to achieve the best possible system performance. Through monthly patch management we are constantly updating our security software to protect against unauthorized access to our network systems. Daily backups are performed and stored in alternate facilities within the IBM data-center network.
SurePrep’s products are web-based applications built on the Microsoft .NET Framework. Access is restricted to registered users who log in by way of a username/password combination verified on the server side. User passwords are encrypted and a log is maintained of all users who access the system. User authentication can be further limited to client-specified IP ranges. Communications use industry-standard 4096-bit Secure Sockets Layer encryption for all data transfers, the same encryption technology used by banks for securing online banking transactions. SurePrep leverages Microsoft’s Azure infrastructure and Amazon Web Services to ensure data security and reliable storage.
SurePrep’s production servers are managed by SurePrep staff and hosted by IBM at data centers in Dallas, Seattle and Washington D.C. IBM data centers are SAS-70 Type II and SSAE 16 certified.
SurePrep’s software has been audited, tested and validated by C-Level Security, LLC. The application was found to enforce security controls to support a secure processing solution. C-Level Security is an independent security-focused consulting firm employing leaders in the industry. C-Level Security certifications are developed to meet regulatory and best practice guidelines. The C-Level Certified Seal carried on this site displays that the Organization has adopted proactive security steps for safeguarding your data during entry, transmission and storage.
SurePrep’s software runs on a permissively neutral network and benefits from multi-homed connectivity with redundant 10 Gbit/s Tier 1 carriers combined for over 80 Gbit/s of bandwidth. The IBM servers are manned 24 x 7 by NOC personnel in a static-free environment with redundant Liebert 30-ton HVAC units and pre-action dry pipe fire suppression. Physical access to the facility is limited to IBM IT staff, who use proximity security badges and individual card keys for entry. The facility is under digital video surveillance at all times and is powered for continuous, uninterrupted operation by N + 1 paralleled generators and UPS power systems.