Security—whether physical, network, or data—is a primary focus at North American Recovery and is part of our core culture. We rigorously secure all data, including backup systems in the event of system failure due to natural disaster or otherwise. We utilize coded key-fob locks on all external doors to protect our physical facility. Our building is a medium-high security facility with on-site grounds and building security personnel.
North American Recovery has implemented several measures to ensure the security of our client's data. All access to the computer system itself is protected by a multiple-password scheme. In addition, we do not allow remote connection directly to our internal network. Therefore, an outsider cannot even locate our system.
Internally, once access to the system has been granted, the user must then use a username and password to access system resources. Each login is unique to each user; the system software only allows access and capabilities defined specifically for that user.
We regularly upgrade all routers and firewalls and conduct 128-bit encryption of all data. We use dedicated T1's for both voice and data. We use a dual backup methodology. All of our Direct Access Storage Devices (DASDs) are redundant. We maintain a complete backup of the live data. In addition, we do a complete backup daily. The daily backups are archived for two weeks; the weekly backups are archived for a month and the monthly backups are archived for a year. Yearly backups are archived indefinitely.
However, North American Recovery uses encryption as only one level of protection in our multi-tiered approach to security.
Security is not only about protecting our network from outside threats; it is also about protecting it from threats from within. The weakest link in any IT security chain is the human element. In order for us to maintain a genuine culture of security, everyone in the organization, from top to bottom, must be informed and motivated about information security. The first step in internal security is awareness. Because we provide thorough training and regular reminders, our employees actively recognize and protect against potential threats. Education and awareness empowers each employee with the knowledge of their personal role in protecting our organization's network, which goes a long way towards reducing risk.
North American Recovery's security training program delivers a sequence of awareness modules, covering different information security topics every month. The security training materials address general employee issues, managers, and IT people separately because each one has distinct information needs.
Our Acceptable Use Policy (AUP) is a key element of our training and requires each employee to pass a written exam. Our AUP covers email usage, privacy, passwords, laptops, client data, and containment. No employee is permitted to work from home or remove transportable storage devices (such as CD-ROM, USB key, or floppy) from the facility or to transfer data from work to home.
Workforce training is not a single event. Security awareness requires commitment to a continuous program of employee communication and training. As with all other aspects of an employee's job, proper training in security is a core component of our success. Our security training and policies include:
Our layered, multi-tiered approach to security provides both North American Recovery and our clients with maximized security solutions that cover as many bases as possible.