At EPSG, we are deeply committed to product security, data privacy, and regulatory compliance. Our focus is on creating and maintaining solutions that are inherently reliable and secure. To achieve this, we have invested substantial resources, time, and effort into both developing and continuously maintaining an Information Security Program (ISP). This program is designed to ensure the confidentiality, integrity, and availability of our services, while also rigorously protecting the privacy of our customers data.
Overview
EPSG, LLC’s Information Security Program (ISP) incorporates a wide array of security measures across multiple domains. The ISP includes rigorous Infrastructure Security measures like network segmentation, intrusion detection, and data backup procedures. Our Organizational Security encompasses encrypted portable media, anti-malware technology, confidentiality agreements, and thorough background checks. Product Security is ensured through penetration testing, data encryption, and monitoring procedures. Internal Security procedures involve vulnerability remediation, access reviews, disaster recovery plans, and incident management protocols. Finally, Data and Privacy are safeguarded through comprehensive policies for data deletion, retention, and classification, ensuring compliance with privacy standards. This multifaceted approach ensures robust protection of our systems, products, and customer data against various threats.
Controls
Information Security
- Intrusion detection system utilized
- Remote access MFA enforced
- Access revoked upon termination
- Encryption key access restricted
- Production data segmented
- Infrastructure performance monitored
- Access control procedures established
- Log management utilized
- Firewall access restricted
Organizational Security
- Employee background checks performed
- Password policy enforced
- Security awareness training implemented
- Confidentiality Agreement acknowledged by employees
- Asset disposal procedures utilized
Product Security
- Data encryption utilized
- Data transmission encrypted
- System activity logged
- Vulnerability and system monitoring procedures established
Data and Privacy
- Privacy policy established
- Data retention procedures established
- Privacy compliant procedures established
- Customer data retained
- Privacy policy available
- Privacy policy reviewed
- Privacy policy maintained
- Data classification policy established
Internal Security Procedures
- Access requests required
- Incident response policies established
- Management roles and responsibilities defined
- Security policies established and reviewed
- Roles and responsibilities specified
- Data center access reviewed
- Physical access processes established
- Third-party agreements established
- Incident management procedures followed
- Development lifecycle established
- Cybersecurity insurance maintained
- Continuity and Disaster Recovery plans established
- System capacity reviewed