Compliancy Group utilizes a distributed data center model comprised of three server farms, one in New York and two in Virginia. The New York center handles a portion of the customer processing as well as engineering, test and evaluation, and business operations. The primary processing center in central Virginia is responsible for the bulk of customer operations, while the secondary center acts as a emergency processing standby and backup for the engineering repository. The total disaster footprint for combined processing exceeds 25,000 square miles and utilizes three discrete power grids and network suppliers.
Customer data security and integrity is paramount to Compliancy Group. We utilize the National Security Agency (NSA) / National Institute of Standards and Technology (NIST) Common Criteria guidelines for secure data processing. The operating environment is SuSE Linux Enterprise Server v9 with the NSA-developed Security Enhanced Linux (SELinux) extensions. All customer instances are completely isolated from one other via these SELinux compartments, ensuring that no data cross-contamination or external access across compartments is possible.
System backups are encrypted using the Advanced Encrypted Standard (AES) block cypher and at no time leave the custody of Compliancy Group staff. Network access and security is controlled by multiple layers of Common Criteria approved devices, while access to the physical plant is permitted only to selected Compliancy Group employees.