In terms of cloud hosting, government contractors’ main concern revolves around compliance; about the safety and integrity of their data. Sand Solutions recognizes that many of its clients work as contractors or sub-contractors to multiple government agencies and because of this we assure that our best practice policy integrates the highest standard of compliance.
We recognize that we are entrusted with our clients’ intellectual property; as such it is the policy of Sand Solutions to hold all customer data subject to the code of Federal Regulations Chapter 22 ITAR
Our level of security adheres to the expectations of our clients and the government agencies they serve. We recognize that we are entrusted with our clients’ intellectual property; as such it is the policy of Sand Solutions to hold all customer data subject to the code of Federal Regulations Chapter 22 ITAR. We remain compliant with ITAR, HIPPA and PCI DSS. Compliance extends to procedures, policies, employee performance and our two data centers. We review our compliance practices on a regular basis, and as deemed appropriate, we align such practices to meet the expectations of our clients.
Highlights of Sand Solutions Compliance and Security Include:
Company Policies
- Password Safe software stores confidential access information
- Employee laptops are equipped with:
- Biometric fingerprint reader as primary authentication
- Password secondary authentication
- New employees or affiliates receive a 3rd party Background Screening prior to engagement that includes the following:
- Criminal History Screening
- National Criminal Database
- Identity Verifications
- Only U.S. Citizens are hired as employees and affiliates
- Secure-VPN is used for remote connections internally and all browser-based software uses secure SSL Internet access
Data Centers
- Client data is stored in one of two compliant U.S. Data Centers inside the United States where server hardware and software are collocated and managed by our employees
- SOC 1/SOC2 (2015) and HIPPA (2015) Compliant
- PCI Compliant
- Client access to applications centered around Deltek is encrypted over Secure-Socket-Layer (SSL) certificates with TLS 1.1/1.2 protocol implementations as mandated by the NIST
- Deltek Costpoint implementations utilize Database, Single-Sign-On or Active Directory authentication where the Costpoint Security Filter issues a “Nonce” or “value used in security protocols that is never repeated with the same key” as part of Token Input Data
Sand Solutions offers compliant cloud hosting for Deltek products as well as a other ERP software. For more information in our level of compliance, please contact us.