We've engineered for high availability and high performance. A leading external monitoring agency tests our hosted solutions every 5 minutes from more than 100 locations worldwide, and we give our clients access to this data. If any response time drops below a threshold, we're immediately notified and on the case.
We meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and are audited by a Qualified Security Assessor (QSA) every three months. We're also in the process of enhancing our data protection processes to comply with the International Safe Harbor Privacy Principles.
Our storage system retains changes for two weeks. In addition, incremental tape backups are made weekly, and complete tape backups monthly. Tape backups employ "read after write" to verify accuracy. Tape backups are stored in a secure off-site facility for one year, and are tested at random times throughout the year.
N+1 redundancy provides protection in the event of hardware or utilities failure. Hardware is architected in an active-active or active-warm backup configuration so that failover is instantaneous. The same is true of power and network connectivity, both of which are provided by multiple vendors.
Our hosting environment has financial grade physical and network security. Access to the facility requires photo identification and two-factor biometric authentication; the facility is also guarded and monitored by CCTV. All network activity goes through multiple firewalls before reaching any application or data.