Security

 

Ensuring your data is fully protected

 

Certifications

Corporate security policies and procedures are important, but 3rd party audited certifications make all the difference.

SAS 70 Type II Certified

Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 audit or examination is widely recognized, because it represents that a service organization has been through an in-depth audit of their control activities, which generally include controls over information technology and related processes. In today’s global economy, service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process data belonging to their customers.

Velocify, in conjunction with our partner Data Return, has successfully achieved a SAS-70 Type II certification with an unqualified opinion. This certification represents that Velocify has had its control objectives and control activities examined by an independent accounting and auditing firm and has demonstrated there are adequate controls and safeguards in place over information technology and related processes used to host and process data belonging to customers. This Type II certification not only includes Velocify’s description of controls, but also includes detailed testing of the organization’s controls over a specified period of time.

Gramm-Leach-Bliley Act (GLBA)

Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, together with an implementing Safeguards Rule issued by the Federal Trade Commission (FTC), regulate the security and confidentiality of non-public customer personal information collected or maintained by or on behalf of financial institutions or their affiliates. To the extent that Velocify is classified as a Service Provider under GLBA, by virtue of providing lead management services to financial institutions, Velocify has established this Information Security Program (Program) to assure compliance with GLBA. For additional information about our GLBA policies and procedures please refer to our GLBA Information Security Program PDF.

Health Insurance Portability and Accountability Act (HIPAA)

To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-191, included “Administrative Simplification” provisions that required Health and Human Services (HHS) to adopt national standards for electronic health care transactions. At the same time, Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information. To the extent that Velocify receives Protected Health Information from our clients, Velocify has established this Information Security Program (Program) to assure compliance with HIPAA.

Microsoft Gold Certified Partner, Hosting & Application Services

The Microsoft Gold Certified Partner Program has been created to provide recognition to companies providing Hosting & Application Services that, through the program’s certification process, have demonstrated a consistent, high quality delivery of solutions built on Microsoft technology and the .NET Framework. The program only awards certification status for those specific hosted or application services that meet eligibility qualifications, proven service quality, and operational readiness benchmarks. Velocify, in conjunction with our partner Data Return, has met these standards since the inception of the Gold Certified program.

HP SP Signature Certified, Hosting Services

HP’s SP Certification program provides confirmation and recognition in the industry that a Service Provider (SP) is able to consistently deliver reliable services to a defined standard based upon industry best practice. The criteria employed during the assessment phase represent a very high standard of service infrastructure and have been drawn from a combination of HP’s extensive experience in the design and support of enterprise-level business-critical solutions, and industry best practice such as OGC IT Infrastructure Library (ITIL).

Two levels of certification are offered: SP Certified, based on an assessment of the IT infrastructure used to deliver a named service; and SP Signature Certified, based on an end-to-end assessment of all relevant IT infrastructure and service management practices involved in the delivery of the named service. Velocify, in conjunction with our partner Data Return, has held Signature Certified status since the inception of the HP SP certification program.

 

Technical Partners

 

Microsoft Gold Certified Partner, Hosting & Application Services

The Microsoft Gold Certified Partner Program has been created to provide recognition to companies providing Hosting & Application Services that, through the program’s certification process, have demonstrated a consistent, high quality delivery of solutions built on Microsoft technology and the .NET Framework. The program only awards certification status for those specific hosted or application services that meet eligibility qualifications, proven service quality, and operational readiness benchmarks. Velocify, in conjunction with our partner Data Return, has met these standards since the inception of the Gold Certified program.

HP SP Signature Certified, Hosting Services

HP’s SP Certification program provides confirmation and recognition in the industry that a Service Provider (SP) is able to consistently deliver reliable services to a defined standard based upon industry best practice. The criteria employed during the assessment phase represent a very high standard of service infrastructure and have been drawn from a combination of HP’s extensive experience in the design and support of enterprise-level business-critical solutions, and industry best practice such as OGC IT Infrastructure Library (ITIL).

Two levels of certification are offered: SP Certified, based on an assessment of the IT infrastructure used to deliver a named service; and SP Signature Certified, based on an end-to-end assessment of all relevant IT infrastructure and service management practices involved in the delivery of the named service. Velocify, in conjunction with our partner Data Return, has held Signature Certified status since the inception of the HP SP certification program.

 

Proactive Backup

 

Proactive backup is a crucial component to our overall technology strategy. Both on and off-site backup, as well as readily available “point-in-time” restore capabilities, make Velocify’s contact management solution the best choice for your organization.

Proactive Management Backup

The process adopted by Velocify uses best practice backup principals and regularly audited proceedures to provide for the following:

Web and Applications

  • Daily incremental backup of system, applications, and content
  • Weekly full backup of system, applications, and content
  • Four-week, staggered tape rotation schedule
  • Two weeks of tape media stored offsite in a secure archival facility

Database Servers

  • Daily incremental of system and applications
  • Weekly full backup of systems and applications
  • Transaction log dump to disk (every 15 minutes)
  • Daily full backup of database data
  • Four-week, staggered tape rotation schedule
  • Two weeks of tape media stored offsite in a secure archival facility

All backups are verified. Unsuccessful backups receive a support ticket and are addressed the same day to ensure that the problem is corrected and to verify that a successful backup is performed. This scheme allows systems to be restored in the event of a disaster. Individual files can be restored providing they were present on the system during a backup operation.

Tape Set Rotation

Four tape sets are used in the backup rotation, providing a maximum of three weeks of data for file version restoration. Two weeks of data is stored onsite. The remaining two are stored off-site in a secured, archival facility.

Custom Backup Plans

Customers may request a specific backup plan; in such cases, Velocify will review the plan to validate its function and impact to determine additional charges that may apply.

Alert Management

Intelligent, proactive systems monitoring is only the first step in ensuring the ongoing health and availability of a production system. Velocify’s Alert Manager reconciles multiple independent monitoring and reporting systems into one rules-based console and correlates alerts, surfacing critical issues and giving our team of experts a jump start on any issue.

 

Data Protection

Velocify’s industry leading data security esures that your data remains private and protected. At Velocify, security is our top priority, that’s why we devote significant resources to continually refine our enterprise security technology infrastructure.

Lead Data Security Measures

  • Experienced and professional security specialists and engineers dedicated to 24×7 data and systems protection
  • Regular deployment of proven, up-to-date security technologies
  • Threat attempt assessment and regular security log reviews
  • Ongoing evaluation of emerging security developments and threats
  • Complete redundancy and data backup throughout the entire Velocify infrastructure

The escalation of security threats in recent years has moved enterprise security to a top priority. The question is not “if” you should prepare but “are you constantly evaluating your current state of readiness?” And it’s not just the number, but the increase in sophistication, pervasiveness, and frequency of attacks that requires enterprises to improve security measures.

Confidentiality Assurance Statement

Velocify acknowledges the confidential or proprietary nature of the Confidential Information and agrees to use the Confidential Information solely for the purpose of providing lead management services for our clients and not to use the Confidential Information in any way that is detrimental to our clients. All Confidential Information will be kept strictly confidential by Velocify, and Velocify agrees not to disclose or make available such Confidential Information to any person or entity except for employees or contractors of Velocify working on services related to use of the LeadManager.

Velocify will not disclose any Confidential Information to any employee or contractor of Velocify until and unless such employee or contractor has been informed of their obligation to keep in confidence any Confidential Information they may receive. Velocify agrees to take all reasonable care and precautions to protect the secrecy of and avoid disclosure and unauthorized use of the Confidential Information. Without limiting the foregoing, Velocify will take at least those measures that we take to protect our own confidential information, but not less than reasonable care.

Velocify is SAS 70 certified as well as GLBA and HIPAA compliant.

 

Hosting Infrastructure

Velocify has partnered with Data Return for managed hosting of our core LeadManager application. Data Return is an industry leading tier one provider with 10 years of experience managing complex, transaction-intensive applications.

Web Based Lead Management Access

Access to the LeadManager is secured using Verisign 128-bit SSL encryption across all web servers. Additionally, clients are permitted to establish IP restrictions and filtering rules to allow or deny access from specified IP addresses or ranges.

Physical Security

  • Card access, hand geometry scanners & audible alarms
  • Multi-zoned, 24/7 monitored access areas w/CCTV surveillance on all external & internal doors
  • Badge access into gateway
  • Badge plus biometrics into server suite

Environmentals

  • HVAC closed loop drycooler system (not chilled water)
  • Total cooling capacity > 1,360 tons
  • 56/20 ton Liebert Air Handlers & 17 drycooler units on roof
  • 24/7 environmental monitoring
  • 18″ raised flooring dedicated for air distribution & ventilation only

Power Systems

  • 7,000 amp 480V entrance from power company
  • 1.5MW & 2MW generator units with 3,000 fuel gallon capacity each (>24 hours autonomy @ max. load)
  • 10,000 amp – 48VDC power plant w/redundant rectifiers
  • 2 – 125 KVA, 2-500 KVA & 2-300 KVA AC UPS systems
  • 24/7 power systems monitoring

Fire Suppression

  • Dryline, multi-zoned, failsafe pre-action system
  • More than 500 photo-electric sensors throughout facility (overhead & under floor)
  • 24/7 local & remote monitoring

Lead Management System Network Infrastructure

Velocify understands the importance of network performance to the overall success of transactional applications. Our network is managed and monitored 24/7 for performance and security, including full network-based intrusion detection, by industry-certified networking and security experts.

Lead Management Hardware Redundancy

Web traffic is load balanced between multiple web-servers for performance and redundancy. Additionally, web and database content is stored on a multi-redundant fiber-optic SAN. In the event of catastrophic hardware failure service can be restored to our backup server network with a maximum 10 minutes of downtime.

 

Technology Platform

LeadManager is a state-of-the-art lead tracking and sales automation application service developed, supported, and hosted by Velocify.

Lead Management Software Platform Technology

LeadManager is built on a 3-tier object-oriented architecture, with logical separation from the presentation, business and data layers, making it highly scalable and maintainable. Based on the Microsoft .NET platform, LeadManager runs significantly faster and more reliably than conventional Web-based applications.

As a hosted application service, LeadManager allows each client to control their individual meta-data which allows for maximum system flexiblity. Additionally, LeadManager generalizes most settings in the system to allow nearly full customization of the workflow and the interface at both the client and user level. LeadManager uses cutting edge tools, such as context-sensitive right-click menus, to offer convenience through a more Windows-like interface than the less-friendly conventional Web-based interface.

Sales Automation Lead Delivery Options

There are numerous methods by which data can be input into the LeadManager. Data can be manually imported from within the LeadManager over a secure 128-bit SSL encrypted connection. Additionally, data can be imported automatically from outside the LeadManager application using any of the following methods.

  • XML & HTTPS Post
  • Email Processing
  • LenderSafe.com
  • Custom Implementations

Pipeline Management and Lead Distribution Technology

The LeadManager database is fully normalized with pre-compiled queries for increased performance and manageability. LeadManager uses the .NET framework caching system to store and retrieve frequently queried data in microseconds, and implements .NET web service clients to easily retrieve lead data from third party sources. LeadManager contains a completely customizable import system that can handle data from practically any source. Finally, its elegant foundation allows for easy integration with even unconventional third-party data feeds and backend systems.

LeadManager is available as an on-demand application service in our hosting infrastructure or a managed behind-the-firewall service. With the on-demand service, we maintain the software, supply the hardware, and manage the network infrastructure. Our clients reap benefits such as rapid deployment, lower total cost of ownership and the ability to focus on delivering results instead of managing technology. With the managed behind-the-firewall service, we maintain the software while the client provides the hardware and manages its proprietary network. In this case, the client’s internal IT staff maintains control over access to meet the most stringent of security requirements. Clients still get the benefit of “versionless” software and a state-of-the-art lead management system.

velocifywp1