© 2020, Silver Tiger Consulting. All rights reserved.

Silver Tiger Consulting is a certified Woman Business Enterprise (WBE) with the Commonwealth of Massachusetts
SDO ID #20180276

We are proud members of the following organizations: NEBA, HBRAMA, NAHB.

CD Strength LLC d/b/a Silver Tiger Consulting
Information Security Policy

Updated: January 2020

CD Strength LLC d/b/a Silver Tiger Consulting takes the security of customer data seriously. We have been and continue to be bound by professional standards of confidentiality and have always protected your right to privacy. We do not sell any of our customers' data.

We have implemented internal policies and controls to try to ensure that customer data is not lost, accidentally destroyed, misused or disclosed, and is only accessed by CD Strength LLC authorized personnel and any third-party vendors as required in the course of performing our duties to our customers.

For current and former clients, we do not disclose any nonpublic personal information about you that is either provided to us by you or obtained by us with your authorization. Permitted disclosures include, for instance, providing information to our employees and, in certain situations, to unrelated third parties (vendors) who need to know that information to assist us in providing services to you. Written agreements are in place for all such relationships.

Where CD Strength LLC d/b/a Silver Tiger Consulting engages third parties to process customer data on its behalf, those parties do so on the basis of written instructions, are under a duty of confidentiality and are required to implement appropriate technical and administrative measures to ensure the data is secure.

We will maintain data security by protecting the confidentiality, integrity and availability of the customer data as follows:

  • Confidentiality means that only people who are authorized to use the data can access it.

  • Integrity means that data should be accurate and suitable for the purpose for which it is processed.

  • Availability means that authorized users should be able to access and use the data if they need it for authorized purposes in a timely and reliable manner. Customer data should therefore be stored in approved data stores and made available to authorized users only.

 

How is data security managed?

Our security is managed on multiple levels, including Physical, Network, and User Account Security. We maintain internal security policies and standards in support of our ongoing operations. Access to resources is granted only to those who reasonably require access, based on their responsibilities. Security processes include:

Physical Security

Physical access to any paper-based client files is restricted to specific individuals and uses multiple levels of security, including badge access and physical lock access. We make it a policy to never store sensitive information in paper format. We do not host our own applications, nor do we have our own data center. Our data is stored in managed data center environments that have the following certifications:

Compliance Certifications (with links directly to our vendors' policies):

https://www.jungledisk.com/industries/
https://security.intuit.com/
https://www.constantcontact.com/legal/security
https://www.adobe.com/security.html

Rackspace:

ISO/IEC 27001
ISO 14001
ISO 18001
ISO 9001
SOC 1 (SSAE 18)
SOC 2
SOC 3
PCI DSS Level 1
FedRAMP JAB P-ATO
NIST 800-53
FISMA
NIST 800-171 (“DFARS”)
CJIS
ITAR
FIPS 140-2
HITRUST

Global Regulations and Privacy:

HIPAA
HITECH
Privacy Act
Swiss-US Safe Harbor
Content Delivery & Security Association (CDSA)
Tech UK Member

Network Security

  • Access to services we use is via standard HTTP and HTTPS connections.

  • All of your account, credit card, and subscriber information and content is encrypted via industry-standard Secure Sockets Layer (SSL) connections over HTTPS.

  • Administrative access to CD Strength LLC's infrastructure is limited strictly to authorized users with multi-factor authentication. Individual usernames and passwords are required for all data access.

Incident Management

  • Our third-party software servicing providers have a documented Cybersecurity Incident Response Plan, a 24x7 Command Monitoring Center, a Cybersecurity Incident Commander and industry-leading incident response teams at their disposal.

Patch Management

  • Our systems are routinely updated per vendor recommendations and industry standards.

Virus/Malware Management

  • We use up-to-date virus scanning software for detecting currently known malware.

  • Malware definitions are updated daily and installed as required.

Questions