Security and compliance are critical at MSJ IT Services Inc. We work hard to help secure individuals and companies. To meet the goals of our business, we protect our platform with industry-standard best practices.
Our services are hosted on the Google Cloud Platform, GCP, to leverage the best of breed data centers. GCP utilizes multiple layers of security to protect their infrastructure. The protection segments include custom access control, vehicular control, biometrics, and more. You can learn more at https://cloud.google.com/security/overview/whitepaper.
Google's infrastructure is regularly audited and meets many compliance regulations, including SOC2 Type II and ISO 270001. Additional details are available at https://cloud.google.com/security/compliance/.
Each MSJ IT Services employee utilizes unique logins to provide traceable and auditable individual actions within our systems.
We protect accounts with two-factor authentication where available. We give preference to physical keys and one-time password generating applications. We permit SMS two-factor authentication only when other options are not available.
The Guardian application undergoes internal penetration testing using standard security tools. Penetration testing occurs in non-production environments.
MSJ utilizes Google Cloud Platforms Intrusion Detection Services. Google monitors its cloud infrastructure at all times by looking for suspicious patterns and activities within its network.
Google encrypts all data at rest.
MSJ Guardian utilizes load balancers and servers spread through multiple Google Cloud Zones to ensure resilience to downtime and system failures.
Our system design utilizes master servers to monitor resources and replace nodes as needed. Monitoring provides alerts to our team if data is lost.
Critical data is backed up automatically by Google's hosted Cloud database services.
Weekly backups are stored offsite in case additional data is required.
In the event of a significant outage, MSJ can provision systems in another region using our coded deploy system.
Disaster Recovery exercises are conducted on an annual basis to ensure that the procedures work correctly.
MSJ limits the types of data that it collects. MSJ works to redact passwords and API keys from all logs.