Security and Compliance

Security and compliance are critical at MSJ IT Services Inc. We work hard to help secure individuals and companies. To meet the goals of our business, we protect our platform with industry-standard best practices.

Hosting

Physical Security

Our services are hosted on the Google Cloud Platform, GCP, to leverage the best of breed data centers. GCP utilizes multiple layers of security to protect their infrastructure. The protection segments include custom access control, vehicular control, biometrics, and more. You can learn more at https://cloud.google.com/security/overview/whitepaper.

Compliance

Google's infrastructure is regularly audited and meets many compliance regulations, including SOC2 Type II and ISO 270001. Additional details are available at https://cloud.google.com/security/compliance/.

Logical Security

Each MSJ IT Services employee utilizes unique logins to provide traceable and auditable individual actions within our systems.

We protect accounts with two-factor authentication where available. We give preference to physical keys and one-time password generating applications. We permit SMS two-factor authentication only when other options are not available.

Penetration Testing

The Guardian application undergoes internal penetration testing using standard security tools. Penetration testing occurs in non-production environments.

Intrusion Detection

MSJ utilizes Google Cloud Platforms Intrusion Detection Services. Google monitors its cloud infrastructure at all times by looking for suspicious patterns and activities within its network.

Encryption at Rest

Google encrypts all data at rest.

Business Continuity

High Availability

MSJ Guardian utilizes load balancers and servers spread through multiple Google Cloud Zones to ensure resilience to downtime and system failures.

Our system design utilizes master servers to monitor resources and replace nodes as needed. Monitoring provides alerts to our team if data is lost.

Business Continuity

Critical data is backed up automatically by Google's hosted Cloud database services.

Weekly backups are stored offsite in case additional data is required.

Disaster Recovery

In the event of a significant outage, MSJ can provision systems in another region using our coded deploy system.

Disaster Recovery exercises are conducted on an annual basis to ensure that the procedures work correctly.

Data

MSJ limits the types of data that it collects. MSJ works to redact passwords and API keys from all logs.

Additional details about our data policies are in our privacy policy.