Many of our clients fall under some type of government regulation due to the sensitivity of the data that they store, process or transmit. Because F1 Solutions has unique access to client networks and manages clients in the Healthcare, Financial, Government Contracting, Infrastructure, and Retail industries, we decided years ago to strengthen our own data protections to better support you. Many of you may not know the lengths that F1 has gone to for its own compliance. We would like to give you an idea of just some of the tasks that we have spent over six figures implementing and thousands of hours maintaining. The following are just some of the actions we are taking on the F1 Solutions internal network.
- Yearly risk assessments against DFARS and HIPAA compliance
- Remediation plans and action plans that are executed in a timely manner
- Quarterly internal and external vulnerability scans against NIST 800-53 controls – with remediation
- Our last penetration test was performed in the fall of 2016, and 1 recommendation followed. Penetration into our network from the outside was not successful
- Annual security awareness training for staff, with periodic security reminders
- We perform “phishing” campaigns on our staff and provide remedial training on a regular basis
- We have a full set of written data security policies that meet both NIST 800-53 and 800-171 requirements and that are taught to and signed off on by staff members
- We have disaster recovery, business continuity and backup plans in place
- All staff members go through background checks and security training before approval is given to access our/your networks
- We have detailed standard operating procedures for all kinds of technical safeguards; too many to list
- We have strong technical tools in place to protect our network, such as managed antivirus, firewalls with advanced filtering features, Internet content filtering, advanced persistent threat monitoring, strong passwords, two-factor authentication for critical applications and a very strong least permissions policy
- Our physical security is very strong, and management of access to data is equally strong
- We have robust alerting and audit log management in place
- We are members of several data security groups and scour the internet on a regular basis for data security breaches and industry updates.
There are many other items that we address behind the scenes, but we thought it important to update our valued clients on some of the processes that we go through to guard against all manner of security risks. No one is hack-proof. But we have followed industry best practices and regulations to harden our systems to make unauthorized access as difficult as possible.