We take your security seriously. PointClick’s comprehensive security framework
consists of the following four key components:
Proprietary security policy covering standards, baselines and standard operating procedures
External requirements: regulatory and industry obligations
Control activities with designated owners to ensure that requirements and policy are followed
Audits to make sure that the control activities are carried out, requirements are met, and security policy is followed
PointClick employs a comprehensive Defense-in-Depth security model. What is the Defense-in-Depth model? Here is how Wikipedia defines it as it relates to computing:
What does this mean?
Defense-in-depth involves placing controls at multiple layers, employing protection mechanisms, developing risk mitigation strategies, and responding effectively to attacks when they occur. A tiered system of security means that more sensitive information is protected with more complex measures, and results in improved capacity to prevent breaches or to lessen the impact of a security incident.
Defense-in-depth strategy means that if one area should fail, protections are in place in other areas to compensate. The different areas are:
An incident response process is really an ongoing process, even without incidents ever occurring: the team is always researching and staying up to date on the most recent threats. The PointClick response team will identify the cause and quickly contain the breach.
Next, they will put in place mitigating measures to prevent a future occurrence of this breach. Services are recovered as quickly as possible, and this step also includes extensive testing of the mitigation put in place. The last step in this ongoing process is possibly the most important: the team evaluates what happened, notes lessons learned and puts forth a preventative action plan.