Overview

Purchase Control provides state-of-the-art security to ensure that your data is safe at all times. We understand that data security is your priority, which is why we have made it our priority. Over the years we have invested significant resources to keep our security infrastructure updated and current.

Physical Security

Our application servers are co-located in a purpose-built facility with 24-hour CCTV and physical security, Boon Edam door entry (airlock type entry), redundant electrical generators, and other back-up equipment required to keep servers continually up and running.

Perimeter Access/Defense

Our major network backbone includes three connections to separate network service providers. Network perimeters are protected by custom-configured firewalls provided by leading security vendors. Purchase Control routinely penetration-tests all aspects of the network infrastructure.

User Authentication

Users access Purchase Control’s online purchase order software only with a valid username and password combination. These credentials are encrypted in transit using the Secure Sockets Layer (SSL) protocol. User credentials are verified before access to the Purchase Control database and application interface is granted.

Application Security

The application security model has been designed so that it is not possible for one Purchase Control customer to access another customer’s data. This security model is applied to every data request and enforced for the entire duration of a user session.

Operating System Security

We enforce tight operating system-level security by using a minimal number of access points to all production servers. All operating system accounts are password protected. All operating systems are maintained at each vendor’s recommended patch levels for security. All operating systems are further secured by disabling and/or removing any unnecessary users, protocols and processes.

Database Security

Whenever possible, database access is controlled at the operating system and database connection level for additional security. Access approval to production databases is limited to a number of points.

Server Management Security

All data entered into the Purchase Control application by a customer is owned by that customer. Purchase Control employees and representatives do not have direct access to the Purchase Control production equipment, except where necessary for system management, maintenance, monitoring, and backups. Purchase Control employees and representatives who have access to the production equipment are rigorously background checked.

Data Backup

Purchase Control applications reside on clustered servers ensuring the highest levels of availability. All customer data is backed up every 16 minutes. Backup files are also transferred electronically to a disaster recovery location every 24 hours.

Disaster Recovery Plan

Our hosting facility has been designed to withstand many foreseeable catastrophic failures such as power outages, contractor mishaps, fire, flood, and theft. The site has power that is supplied on separate feeds entering from different sides of the building. It also has full UPS and generator capabilities in case of a power outage.

In the unlikely event of a catastrophic site failure, Purchase Control has a comprehensive recovery plan in place. Additional host equipment at a separate location is capable of performing all hosting functions in the case of such an emergency, with sufficient capacity for customers until such time as Purchase Control’s applications can be restored at their original location or at a replacement hardened hosting facility.

Summary

As a service provider, our aim is to deliver a best-of-class security infrastructure comprising proven, cutting-edge technologies. Purchase Control delivers the most comprehensive security available, including firewalls and encryption devices sourced from leading Internet security vendors, configured by expert professionals, and rigorously tested before going into production.
