We take the security of your data seriously and are constantly looking to provide a premier environment to build and manage a continuity capability.
At a high level, your data is secured using the following approach:
Physical Security - We utilize Amazon's Elastic Cloud Compute (EC2) environment for hosting. They are one of the most popular and well secured hosting providers in the world. They offer PCI Type I compliance, SSAE 16 Type II Auditing and ISO 27001 Information Security certification. Learn more at http://aws.amazon.com/security/
Data Security - Your data is stored on hardened and encrypted EC2 instances configured for two factor authentication. Data is logically separate by organization using master keys and has been thoroughly tested to isolate data. Every page of Catalyst is delivered to your browser with strong military grade TLS encryption.
Credit Card Security - When you enter your credit card information on Catalyst, we immediately hand that information over to STRIPE (using encryption), which specializes in managing credit card data on highly secured servers.
The continuity plan for Catalyst also features industry leading capabilities:
Downtime Tolerance - Our production environment runs on highly available hardware in the Amazon EC2 infrastructure. In the event of a catastrophic failure of a Amazon data center, we can fail-over to our backup data center in < 4 hours. Our primary data center is the Amazon East (Virginia) region, while our fail-over data center is Amazon West (Oregon) region.
Data Loss Tolerance - We backup our systems every hour to Amazon's highly resilient S3 storage using military strength encryption. Those backups are also automatically to our recovery servers so we can fail-over at any time.
Our entire approach to continuity is validated by regular exercises and also by our ISO 22301 certification, which validates the effectiveness of our business continuity management system