OUR INFORMATION SECURITY INITIATIVES
Assessment Plus takes the security of your
information very seriously. You can rest assured that we
have implemented and are constantly managing sound
information security systems and practices to keep your
data confidential.
The following are the three essential cornerstones of
information security that we have implemented for you
and your information:
- Confidentiality (only those authorized can
access it)
- Integrity (making sure it’s not modified in an
unauthorized fashion)
- Availability (ensuring it’s there when you need
to access it)
We have put the following specific information
security controls and best practices in place in order
to meet these requirements and more.
- Most importantly, Assessment Plus management and
employees have bought into and understand the
importance of information security for our clients.
- Firewall, intrusion prevention technologies, and
anti-virus software are used on the network to
prevent external hacker intrusions.
- We have implemented access controls and system
“hardening” best practices on our internal
computers, applications, and databases to support
the principle of “least privilege”. This helps
ensure the right people only have access to the
minimum amount of information needed to get their
jobs done.
- We apply critical security patches for the
software we use as they are released.
- System redundancy and data backups are in place
to minimize downtime and data loss in the event of a
hardware or communications system failure.
- We have a security incident response plan,
business continuity plan, and essential security
policies - all based on the ISO 17799 framework and
other well-known best practices - in place and kept
up to date.
- We partner with external information security
experts - who have literally written the book on
information security - to perform ongoing security
vulnerability assessments. In addition, they perform
annual audits based on the ISO 17799 framework and
other standards from the National Institute of
Standards and Technology (NIST) and the Internet
Engineering Task Force (IETF). This helps to ensure
our systems and your critical information are
protected against new and emerging security threats
and vulnerabilities.
- All employees are trained on an ongoing basis on
information security policies along with what to
look out for and how to respond effectively if an
incident or disaster occurs.
- All internally developed systems and
applications use standard best practices for
information security, such as encryption,
segmentation, isolation, high-level memory
management, and more.
The bottom line is that information security is a top
priority for Assessment Plus. Security is not a one-time
investment or a single device, but rather an ongoing
requirement of doing business to help ensure that your
information is kept secure now and in the future.