THE 'APPLE' of GRC
"The Network has delivered a platform that is fresh, beautiful, and simply elegant for the user, adding interface assets that work to engage employees, while providing administrators and executives with the tools needed to truly manage compliance in a proactive fashion."
– Michael Rasmussen, GRC Analyst
Security & Data Protection
Secure, reliable data access is of critical importance to our clients. By leveraging best in class technology along with data security best practices, The Network avoids costly systems disruptions and maintains system availability at the highest possible level.
The Network is committed to maintaining and continually enhancing our security posture. We adhere to the “defense-in-depth” strategy to secure all of our systems and data. When it comes to security and testing the effectiveness of our strategy, we utilize various resources and have introduced numerous technologies and testing methods over the years as a way to validate our security controls and defenses. Our approach to technology calls for proven, scalable system architectures and resources so that we can always meet the ever-changing needs of our clients.
The Network employs industry-leading security and operational processes to ensure that client data is secure and programs operate smoothly 24/7/365. As a testament to our dedication to security, The Network undergoes security penetration and web application testing. We also utilize the QualysGuard Vulnerability Management service and have incorporated this tool into our SDLC (Software Development Life-Cycle) process. Additionally, we are registered through multiple Technical Security Notification Services.
We have various controls in place to adequately manage and protect network security and data:
- Intrusion Detection – All production servers and networking equipment are protected by a NIDS (Network Intrusion Detection System), both internally and externally. These systems are configured to identify issues or anomalies that may require action from our Network Operations staff.
- Patch Management – The Network utilizes a tiered approach to patch management and administers patches through Microsoft’s WSUS service to ensure all systems are patched and up-to-date.
- Anti-Virus – The Network utilizes an enterprise-class, third-party anti-virus solution, enabling daily virus definition updates, plus real-time monitoring, disinfection, and automated notification.
- Network Controls – Our infrastructure includes redundant firewalls which utilize stateful packet inspection technology. Our layered security architecture includes a DMZ for hosting our public-facing servers and utilizes NAT (Network Address Translation). VLAN segmentation and Access Control Lists are also used to further segment our networks and secure them from unauthorized access.
- Encryption of Data in Transit – Encryption is customized per client. We offer multiple encryption options, including TLS, PGP or SFTP. Our public-facing ASP applications use extended validation SSL certificates to encrypt data. All certificates are purchased through our managed PKI service with VeriSign.
- Encryption of Data at Rest – We encrypt all client data at rest using AES 256-bit encryption technology running on our RAID6 configured SAN. The key management system is a separate system only accessible by a small number of system administrators.
The Network uses the “defense-in-depth” architecture when it comes to protecting customers’ data. Our co-located production systems (U.S. and international) are maintained in a facility that specializes in storage and availability services by a Tier-1 provider who is recognized as a leader in technology services and currently serves more than 25,000 customers in 70+ countries.
These production data centers provide n+1 redundancy for all environmental necessities, including cooling, power and network connectivity, and are protected by FM200 Fire Suppression and VESDA (Very Early Smoke Detection) systems. The Network leverages state-of-the-art blade servers, virtualization, cloud infrastructure, firewalls, and switch architecture technologies to virtualize our web, application and dissemination servers and segregate public web server traffic into partitioned de-militarized zone (DMZ) networks.
These facilities are monitored 24/7/365 and include on-site security, a strict access authorization process, video surveillance, multi-level key card protection and biometric scanning.
Our proven, multi-layered data backup methodology utilizes various backup technologies and backup schedules to dramatically reduce recovery time in the event of a failure.
Access to facilities is strictly controlled and limited to a small number of highly technical operations professionals. All system/environment changes are controlled through our structured change management process and all changes require management approval.
The Network holds Safe Harbor certification and has affirmed our operational and compliance controls with the successful receipt of the Service Organization Controls Report (SOC 2). The Network complies with the requirements necessary to meet the criteria for the security, confidentiality, availability and processing integrity principles set forth in AICPA Trust Service Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality and Privacy (AICPA, Technical Practice Aids). The Network’s SOC 2 audit was performed by the independent firm of Cherry, Bekaert & Holland, L.L.P. (CB&H) and recognizes The Network’s commitment to providing secure, reliable and effective operations.
A thorough business continuity plan provides for everything from redundant systems and operating capabilities to the complete relocation of our contact center to a backup facility. The Network maintains a Documented Business Continuity/Disaster Recovery Plan which mandates recovery time and recovery point objectives specific to intake and data management services.
The Network delivers our solutions via the Software-as-a-Service (SaaS) distribution model, which reduces our clients’ costs while dramatically improving their implementation timeline. This model allows us to provide high functioning solutions with seamless, automated upgrades and feature improvements that always meet or exceed client expectations. With the SaaS delivery format, our clients have the freedom to access their data, track their workflows and manage their day-to-day activities from any location. Our approach simplifies administration and ensures compatibility while greatly improving collaboration between users and scalability.